cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

320
Views
1
Helpful
1
Replies
Highlighted
Beginner

Posture checks in ISE 2.2 don't appear to verify compliance module version

Hello,

I have just upgraded my 2.1 ISE distributed deployment to 2.2.  After the 2.2 upgrade (I have not installed patch 2 yet as it was just released), my compliance checks are failing for both mac and windows.  These were working perfectly fine under ISE 2.1.  My scenario is the following:

1.)  I have two windows posture rules

       a)  Rule 1 has posture policies and a filter to only run on a Windows machine with ise-compliance module 3.x

       b)  Rule 2 has posture policies and a filter to only run on a Windows machine with ise-compliance module 4.x

2.)  I have two Mac posture rules

       a)  Rule 3 has posture policies and a filter to only run on a Mac machine with ise-compliance module 3.x

       b)  Rule 4 has posture policies and a filter to only run on a Mac machine with ise-compliance module 4.x

Issue:

In my posture logs, when a Windows machine checks in for posture, ISE is running both Rule 1 and Rule 2.  Obviously this fails because a machine cannot have ise-compliance module 3.x and 4.x  It's as if ISE 2.2 is disregarding the ise-compliance module version filter.  The same thing is happening for my Mac Rules.

Anyone seen this before?  Is it fixed in Patch2?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Open a TAC case to troubleshoot these problems.

ISE 2.2.0 Patch 2 Available on Cisco Software Download

The list of resolved bugs in ISE 2.2 Patch 2 can be found here: Release Notes for 2.2.

View solution in original post

1 REPLY 1
Highlighted
Cisco Employee

Open a TAC case to troubleshoot these problems.

ISE 2.2.0 Patch 2 Available on Cisco Software Download

The list of resolved bugs in ISE 2.2 Patch 2 can be found here: Release Notes for 2.2.

View solution in original post

Content for Community-Ad