Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3223
Views
0
Helpful
6
Replies

ISE Posture with Anyconnect 4.5 getting stuck at 26%

Go to solution
aspandia
Level 1
Level 1

‎03-16-2018 03:54 AM

Hi Experts,

I have an issue, where posture on anyconnect gets stuck at 26% while checking for conditions. I noticed that this is caused due to the SCCM patch definition check which has been specified in one of the conditions.

It is observed that on some machines, there is a certain health check process 'C:\Windows\CCM\ccmrepair.exe' runs, which temporary disables the SCCM client. During this health check, SCCM reports as running, however does not return any data when queried for the patch date. I have observed that this causes anyconnect to stay stuck at 26%, and did not progress any further despite waiting for over 30 minutes. This issue is seen when the condition is kept both mandatory as well as optional. When i kept the condition in the audit state, it got stuck at 96% - 'generating report'.

Is there any workaround to this issue, where we can skip the patch check if SCCM doesnt respond? or is there any method by which i can separately run the patch check condition every 2 days so that it doesnt clash with the health check schedule?


Thank You,

Ashwin

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎03-16-2018 03:04 PM

Please generate a DART right after AnyConnect got stuck at either situation, open a Cisco TAC case if no TAC case yet, and send the DART bundles to TAC for analysis.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
hslai
Cisco Employee
Cisco Employee

‎03-16-2018 03:04 PM

Please generate a DART right after AnyConnect got stuck at either situation, open a Cisco TAC case if no TAC case yet, and send the DART bundles to TAC for analysis.

0 Helpful

Go to solution
misinsuan2229
Level 1
Level 1
In response to hslai

‎08-18-2019 08:49 PM

Can you let us know what was the resolution TAC provided?

0 Helpful

Go to solution
abhishek.marat1
Level 1
Level 1

‎06-14-2018 10:22 AM

Hi Ashwin,

Was this issue resolved for you? We are experiencing similar issues and have a TAC case open. If it was resolved for you, could you please provide a brief overview on the resolution? Appreciate any info provided, thanks!

0 Helpful

Go to solution
abhishek.marat1
Level 1
Level 1

‎08-07-2018 10:50 AM

So, I had a case open with Cisco for this issue. After 2 months of aggressive troubleshooting that had Microsoft involved too, Cisco determined it is a bug in the compliance module version 4.2.1538.0 and 4.3.122.0 . They have opened a bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk68628/?reffering_site=dumpcr to track this issue. The work around they suggested was to disable SCCM updates check. We did it and the users don't experience this issue.

0 Helpful

Go to solution
misinsuan2229
Level 1
Level 1
In response to abhishek.marat1

‎08-18-2019 08:39 PM

This there resolution where we not need to disable SCCM patch scan?

0 Helpful

Go to solution
misinsuan2229
Level 1
Level 1

‎08-18-2019 08:49 PM

Can you let us know what TAC provided as solution?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents