cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1703
Views
0
Helpful
6
Replies
Highlighted
Beginner

ISE Posture with Anyconnect 4.5 getting stuck at 26%

Hi Experts,

I have an issue, where posture on anyconnect gets stuck at 26% while checking for conditions. I noticed that this is caused due to the SCCM patch definition check which has been specified in one of the conditions.

It is observed that on some machines, there is a certain health check process 'C:\Windows\CCM\ccmrepair.exe' runs, which temporary disables the SCCM client. During this health check, SCCM reports as running, however does not return any data when queried for the patch date. I have observed that this causes anyconnect to stay stuck at 26%, and did not progress any further despite waiting for over 30 minutes. This issue is seen when the condition is kept both mandatory as well as optional. When i kept the condition in the audit state, it got stuck at 96% - 'generating report'.

Is there any workaround to this issue, where we can skip the patch check if SCCM doesnt respond? or is there any method by which i can separately run the patch check condition every 2 days so that it doesnt clash with the health check schedule?


Thank You,

Ashwin

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Please generate a DART right after AnyConnect got stuck at either situation, open a Cisco TAC case if no TAC case yet, and send the DART bundles to TAC for analysis.

View solution in original post

6 REPLIES 6
Highlighted
Cisco Employee

Please generate a DART right after AnyConnect got stuck at either situation, open a Cisco TAC case if no TAC case yet, and send the DART bundles to TAC for analysis.

View solution in original post

Highlighted

Can you let us know what was the resolution TAC provided?

Highlighted

Hi Ashwin,

Was this issue resolved for you? We are experiencing similar issues and have a TAC case open. If it was resolved for you, could you please provide a brief overview on the resolution? Appreciate any info provided, thanks!

Highlighted

So, I had a case open with Cisco for this issue. After 2 months of aggressive troubleshooting that had Microsoft involved too, Cisco determined it is a bug in the compliance module version 4.2.1538.0 and 4.3.122.0 . They have opened a bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk68628/?reffering_site=dumpcr to track this issue. The work around they suggested was to disable SCCM updates check. We did it and the users don't experience this issue.

Highlighted

This there resolution where we not need to disable SCCM patch scan?

Highlighted
Beginner

Can you let us know what TAC provided as solution?

Content for Community-Ad