cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

164
Views
1
Helpful
2
Replies
Highlighted
Beginner

MDM ISE policy getting stuck

We are implementing JAMF MDM on our campus. I have 2 policies one to check registration in the MDM and send unregistered devices to the MDM portal. The second policy allows the registered devices on to the network. Where I seem to be stuck is after the device is registered there is no check to allow the endpoint on the network. I've attached the 2 policies. Am I missing something, that would force this check to allow the endpoint on the network after registering? 

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: MDM ISE policy getting stuck

Hi Roger,

The policy looks fine . 

After registration, CoA has to be triggered for the endpoint to re authenticate.

can you please enable prrt_srv log  to check the issue.

Thanks,

Nidhi

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: MDM ISE policy getting stuck

Hi Roger,

The policy looks fine . 

After registration, CoA has to be triggered for the endpoint to re authenticate.

can you please enable prrt_srv log  to check the issue.

Thanks,

Nidhi

View solution in original post

Highlighted
Cisco Employee

Re: MDM ISE policy getting stuck

Adding to Nidhi's, I would suggest to enable DEBUG on MDM and check ise-psc.log for the requests and responses to the partner MDM sites.