Re: Secure Client ISE 3.2 Posture failure

james.tribble · ‎04-16-2024

I have just started using Secure Client Posture on my windows workstations. All but 2 work fine. The two are using the IP of the ISE instead of the FQDN. All systems have the same ISEPostureCFG.xml files on them. If I disable the network connection and re-enable it comes up just fine.

Aref Alsouqi · ‎04-16-2024

What they show as the posture failure reason?

james.tribble · ‎04-16-2024

It comes up with the Security Warning Untrusted Server Certificate. In the text below it shows the IP address instead of the FQDN. and my user click cancel connection which disables the network

Aref Alsouqi · ‎04-16-2024

Could you please check if they have the same "ConnectionData.xml" file which should be located in C:\users\< the user account >\AppData\Local\Cisco\Cisco Secure Client\"?

james.tribble · ‎04-17-2024

I did not see it in that folder it was in c:\ProgramData\Cisco\Cisco Secure Client\ISE Posture\ The connectiondata.xml had two different records in it, the first had the primary as the FQDN and the Backup as a FQDN, then there was a second records statement that had the IP address in the primary and the FQDN for the Backup. Then there is a ISEPostureCFG.XML which I put on every system and in the Callhome list it has the FQDN of the primary.

james.tribble · ‎04-17-2024

Also forgot to add that I removed the second record statement it worked fine the first time, but the second time I logged in it was back in the file.

Smithers53 · ‎04-17-2024

Verify that the posture policy configured in Cisco ISE is correctly defined and aligned with your organization's security requirements. NC Cloud Ensure that the policy criteria, conditions, and requirements are accurately configured to evaluate the posture of connecting clients.

Aref Alsouqi · ‎04-17-2024

Please try to remove the ConnectionData.xml file from the endpoints that are having the issues and restart them and see if that would fix the issue.