This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a pc that cannot complete posturing.
It shows the below error
I have tried reinstalling the anyconnect client but it does not change.
The pc was compliant awhile ago on ISE, but now it fails.
Can you share the following that may better assist the community with troubleshooting:
-Client OS version
-Anyconnect modules versions
-AnyConnect Compliance module version
Things to consider:
Has anything on the host changed between now and when it was working? Is it possible that another piece of software is preventing it from working (AV/AppLocker/FW)? Check event viewer logs for AnyConnect to see if something sheds some light.
See here for workflow: ISE Posture Prescriptive Deployment Guide - Cisco Community
Thanks for the answer
Client OS version: Windows 10 Enterprise LTSC 10.0 (17763)
Anyconnect modules versions 4.8.03036
AnyConnect Compliance module version 4.8.03036
I show the event viewer also but I cannot figure out the output.
the latest AnyConnect Compliance Module is 4.3.1680.6145, please double check the info that you provided (AnyConnect Compliance module version 4.8.03036).
Please, double check:
1. if the Cisco AnyConnect Secure Mobility ISE Posture Agent is running on the Windows Services !!!
2. the Compliance Module version, on the AnyConnect > click the cog > System Scan > Statistics tab ... check for the Compliance Module Version
Hope this helps !!!
I actually have the same error now but in VPN not in Wired. We are testing the latest compliance module 4.3.1680.6145 in our lab environment before rolling this out in production. Odd thing is we only see this error in company issued laptops and we never seen this in non-corporate machines. We're looking into something our BeyondTrust policy. If anyone has seen or any idea about the error would be great help.
"Failed to load compliance module"
literately means just that -- the ISE Posture module (tile System Scan) is unable to load the library file of ISE Compliance module. It could be not installed properly, corrupted file, OS/security preventing AnyConnect ISE Posture from accessing it.
please take a look at %ProgramFiles%\Cisco\Cisco AnyConnect Secure Mobility Client\opswat for the Compliance Module installation.
Hope this helps !!!
I took a DART dump and I see the below on "Cisco AnyConnect ISE Posture Module" folder
2021/02/08 06:53:32 [Error] aciseposture Function: hs_file_verify_with_killdate Thread Id: 0x13FC File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\libcommon\hs_file_verify_win.c Line: 412 Level: error unable to verify file signature: (C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acas.dll).
2021/02/08 06:53:32 [Error] aciseposture Function: hs_dl_load_alt Thread Id: 0x13FC File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\libcommon\hs_dlhandler.c Line: 232 Level: error file signature invalid, not loading library (C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acas.dll)..
2021/02/08 06:53:32 [Error] aciseposture Function: COpswat::GetInstance Thread Id: 0x13FC File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\libopswat\libopswat.cpp Line: 58 Level: error Failed to create plugin instance. Error: Not Found.
2021/02/08 06:53:32 [Error] aciseposture Function: PostureInfo::GetInstalledProductReport Thread Id: 0x13FC File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\libposture\postureinfo.cpp Line: 825 Level: error Failed to load compliance module..
So ok it fails to load compliance module, but why?
I would do two things:
-Check the AnyConnect Secure Mobility Client & the ISE Posture module event viewer logs line by line before, during, & after testing.
-Do a complete uninstall of every module, and re-test with latest versions on same client + additional clients for more data points.
Can you please check if below dlls are present in mentioned locations?
>acas.dll in C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\
>libwaapi.dll in C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat\
These are OPSWAT dlls which are required for posture assessment. If these dlls aren't present & issue is for specific user, user can try manually reinstalling Compliance Module (CM) locally on the endpoint using pre-deploy build. If these dlls aren't present & issue is for multiple users, please push latest CM to all the enpoints through ISE using web-deploy build. Upgrading the CM though is same as uninstalling old CM version and installing new updated CM.