Hi,
I am tidying up old endpoint profiling policies and associated endpoint groups.
I have run into 2 issues.
Issue 1
I have a profiling policy, let's call it policy1. It has been disabled under Profiling Policies and I have exported all known endpoints via Context Visibility > Export. I have removed any references to this policy on each endpoint and re-imported them all back into ISE. When I filter now in Context Visibility (Endpoint Profile) on the old group there are 0 entries. My problem is that ISE still believes there are endpoints that match this policy and won't let me delete the profiling policy. Example message when I attempt:
Deletion of policy policy1 failed: The policy can not be deleted since it is statically assigned to endpoint(s).
Number of policy deletion failures: 1
So my question is: how do I find these endpoints, since I cannot filter by policy1 anymore within Context Visibility as nothing comes up?
Issue 2
I have another policy (policy2) that is assigned to Windows machines; the policy has been disabled. I have exported filtered lists out of Context Visibility several times now, accumulating thousands of devices, removing the references and re-importing. However, as soon as I get the list cleared, more entries start appearing in the database as I refresh. I checked the live logs on them and it appears to be when a device is turned on, as they appear pretty much when their first log is present.
My question is for this one, how do I gather all the devices with this policy attached (whether online or not at the time of searching) so that I can also delete it?
I'm running ISE v3.2 Patch 7
Cheers, I hope that's clear