cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1092
Views
7
Helpful
2
Replies

ISE posture NON-COMPLIANT not working

peter.matuska1
Level 1
Level 1

Hi,

we use 2.3, patch 6 at the customer and the problem is following. The posture checks the update of the AM database and if it is older than 30 days, the PC should be noncompliant. The problem is that the posture updates stopped to download since 09/30/2018 and we found it out last week. It means everything was compliant all the time. Last week we fixed the updates and it has been downloading updates just fine. The problem is that the PC even with the old AM database is still compliant. When I checked the DART logs I still can see the old date - 09/30/2018, not the current one. There is a posture lease set up  for 7 days. I tried to delete the endpoint from ISE and no luck.

My question is when the anyconnect will download the most current date from ISE? After the lease time? Is it possible to force it?

 

thank you

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

I would suggest to open a TAC case to investigate.

AFAIK deleting the endpoint will expire its posture lease immediately.

View solution in original post

2 Replies 2

hslai
Cisco Employee
Cisco Employee

I would suggest to open a TAC case to investigate.

AFAIK deleting the endpoint will expire its posture lease immediately.

hi, changing the condition "Allow virus definition file to be 30 days older than latest file date" to "current system date" helped.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: