no policy server detected- ISE posture 2.4.0.3-Cisco VPN- DART

anilkumar.cisco · ‎10-20-2021

Hello Team,

i have collected DART file from Cisco Anyconnect VPN (customer side) in order to understand the root cause of issue..

issue user are getting no policy server detected while trying to connect to VPN via Cisco ISE 2.4.0 for posture accessment.

there are multiple file in DART..

Which file need to look kindly advise.

Also what other things i need to look into Cisco ISE..

Mike.Cifelli · ‎10-20-2021

issue user are getting no policy server detected while trying to connect to VPN via Cisco ISE 2.4.0 for posture accessment.

-This means that the posture probe is not reaching ISE. Do you have the respective xml files here: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture

All posture module files are pushed there. Without diving too deep it sounds like the client is not fully provisioned.

Which file need to look kindly advise.

-Look at the event viewer log under ISE Posture Module folder.

anilkumar.cisco · ‎10-20-2021

Thanks,

I have requested the actual time stamp for the issue and above xml logs from the end customer PC.

Any things else need to be requested?

Best Regards

Anil Singh

anilkumar.cisco · ‎10-25-2021

Hello @Mike.Cifelli ,

In event file, i only found Event ID 259 at the time of issue with Multiple events.

Like worning , informational and error.

with few example:-

The description for Event ID 259 from source aciseagent cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The description for Event ID 259 from source nacapi cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The below output from Cisco Any connect serucre Mobile client

******************************************

Date : 10/14/2021
Time : 15:39:22
Type : Information
Source : acvpnagent

Description : Function: ProfileMgr::loadProfiles
File: c:\temp\build\thehoff\negasonic_mr30.297045120452\negasonic_mr3\vpn\api\profilemgr.cpp
Line: 195
No profile is available.

i am not sure what is happening here..

thus enclosing the both logs for your reference.

pls change anyconnect (2).txt to AnyConnect.evetx

Mike.Cifelli · ‎10-25-2021

Please share what files are found here on a troubled client: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture

For the DART logs...take a peek specifically at AnyConnect_ISEPosture (event log) under this dir: Cisco AnyConnect ISE Posture Module

anilkumar.cisco · ‎10-25-2021

What do you mean by peek specifically at AnyConnect_ISEPosture (event log) under this dir: Cisco AnyConnect ISE Posture Module

i have attached that file on this case with .txt extension.

Mike.Cifelli · ‎10-26-2021

Apologies did not realize it was attached. Verify on troubled clients what is found here: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture

anilkumar.cisco · ‎10-26-2021

ok, @Mike.Cifelli .. as this case is old so the provided path data has been updated..

requested the end customer to provide updated DART and logs detail of trouble client C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\ISE Posture

at the same time.. with correct time stamp..