Re: ISE Posture Patch Mgmt Windows Update Agent Definition check issue

murat001 · ‎04-23-2024

Hi all.

Cisco ISE Posture Windows Patch Management Definition update not working properly.

Cisco ISE version 3.2 patch 5.

Client Agent : Cisco Secure Client 5.1.2 42

Windows client 11 23H2 and Windows Update version is 1023.x.

Comliance Module : Actually I tried with many latest compliance module. But Results are same . Compliance module version is 4.3.4015.8192 that i am using now. . This compliance module seems to be support the Windows update agent definition update check. But not working.

If i use only "installation" condition on windows update agent with1023.x . it is working . But if i use "important or critical up to date "condition", it is not working.

Cisco Secure Client posture client can not getting definition update information.

Also I am getting following error in Cisco Secure Posture client dart log ? I think opswat can not obtain windows security patch in Windows 11 1023.x . I coudnt try yet with other windows versions ? I will try with win10.

2024/04/24 14:53:39 [Information] csc_eliseposture Function: COpswat::InstallMissingPatches Thread Id: 0x6B2C File: libopswat.cpp Line: 918 Level: debug Checking for Critical patches to update.
2024/04/24 14:53:48 [Warning] csc_eliseposture Function: COpswat::filterPatchesBasedOnSeverity Thread Id: 0x6B2C File: libopswat.cpp Line: 684 Level: warn Error in getting severity of KB id 5037591 . Status : <General Error>.
2024/04/24 14:53:48 [Error] csc_eliseposture Function: COpswatV4Plugin::invokeMethod Thread Id: 0x6B2C File: opswatV4Plugin.cpp Line: 945 Level: error Opswat returned error: -20 and converted to: 5.

is there any suggestion for this ? Has anyone tried such a scenario and been successful?

Thanks for support in advance ...

ahollifield · ‎04-24-2024

I would suggest opening a TAC case.