
Troubleshooting ISE 2.1 Threat-Centric NAC (TC-NAC) with Qualys

lnemec
Level 4

Hi,

I have integrated and set up ISE 2.1 Threat-Centric NAC (TC-NAC) with Qualys, but the scan request from ISE does not work.

In debug logs I can see: no adapter instance available.




vaservice.log:

2017-01-18 08:13:51,914 DEBUG  [SimpleAsyncTaskExecutor-1][] cpm.va.service.processor.AdminMessageListener -:::::- Got VaInfo message: {"operationType":2,"isPeriodicScanEnabled":false,"heartBeatTime":1484727228357,"lastScanTime":0}

2017-01-18 08:13:54,956 DEBUG  [SimpleAsyncTaskExecutor-1][] cpm.va.service.processor.AdminMessageListener -:::::- Got VaInfo message: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","ondemandScanInterval":"48","isPeriodicScanEnabled":false,"periodicScanEnabledString":"0","vendorInstance":"a129ec20-6cd2-46b6-8560-0682d816f93a","psnHostName":"ise-pan","heartBeatTime":0,"lastScanTime":0}

2017-01-18 08:13:54,959 DEBUG  [SimpleAsyncTaskExecutor-1][] cpm.va.service.processor.AdminMessageListener -:::::- Got VaInfo message: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}

2017-01-18 08:13:55,197 INFO   [endpointPollerScheduler-5][] cpm.va.service.processor.EndpointPoller -:::::- VA: EndpointPoller, Size of endpoints sent to adapter 1

2017-01-18 08:13:55,197 DEBUG  [endpointPollerScheduler-5][] cpm.va.service.processor.EndpointPoller -:::::- VA: EndpointPoller, no adapter instance available

varuntime.log:

2017-01-18 09:13:54,951 DEBUG  [Thread-86][] va.runtime.admin.mnt.EndpointFileReader -:::::- VA: Read va runtime. [{"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}, {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","ondemandScanInterval":"48","isPeriodicScanEnabled":false,"periodicScanEnabledString":"0","vendorInstance":"a129ec20-6cd2-46b6-8560-0682d816f93a","psnHostName":"ise-pan","heartBeatTime":0,"lastScanTime":0}, {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}]

2017-01-18 09:13:54,952 DEBUG  [Thread-86][] va.runtime.admin.vaservice.VaServiceRemotingHandler -:::::- VA: received data from Mnt: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","ondemandScanInterval":"48","isPeriodicScanEnabled":false,"periodicScanEnabledString":"0","vendorInstance":"a129ec20-6cd2-46b6-8560-0682d816f93a","psnHostName":"ise-pan","heartBeatTime":0,"lastScanTime":0}

2017-01-18 09:13:54,955 DEBUG  [Thread-86][] va.runtime.admin.vaservice.VaServiceRemotingHandler -:::::- VA: received data from Mnt: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}

2017-01-18 09:14:00,958 DEBUG  [Thread-86][] cpm.va.runtime.util.SequencedFileLineReadWriter -:::::- VA: Reading filename : /opt/CSCOcpm/temp/va/vabuffer_0176.txt

2017-01-18 09:14:00,958 DEBUG  [Thread-86][] va.runtime.admin.mnt.EndpointFileReader -:::::- VA: Read va runtime. [{"operationType":2,"isPeriodicScanEnabled":false,"heartBeatTime":1484727238357,"lastScanTime":0}, {"operationType":0,"macAddress":"18:A6:F7:12:B3:EA","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}]

2017-01-18 09:14:00,958 DEBUG  [Thread-86][] va.runtime.admin.vaservice.VaServiceRemotingHandler -:::::- VA: received data from Mnt: {"operationType":2,"isPeriodicScanEnabled":false,"heartBeatTime":1484727238357,"lastScanTime":0}

2017-01-18 09:14:09,964 DEBUG  [Thread-86][] cpm.va.runtime.util.SequencedFileLineReadWriter -:::::- VA: Reading filename : /opt/CSCOcpm/temp/va/vabuffer_0177.txt

In the Cisco ISE GUI I can see the VA instance is Connected and Active - Knowledge base download in-progress (same status for a long time).

Do you have any idea what the issue could be?

Thanks, Laco.

2 Replies

hslai
Cisco Employee

You are correct that the KB download needs to finish first before a good scan may take place. One possible reason for the KB download taking a long time is that Qualys is not responding to the requests from your ISE due to some limits on your account or the like. Please navigate to Operations > Reports > ISE Reports > Threat Centric NAC, select [ Vulnerability Assessment ] and run it. Hopefully, that would give some indication of the problem.

If possible, please open a TAC case. If not, then please generate a support bundle and check the debug log from the QualysAdapter container.

Thanks. I have decrypted the SSL communication, so it is clear that I am using only a Qualys demo account with a restriction on the KnowledgeBase:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.eu/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2017-02-04T08:20:29Z</DATETIME>
    <CODE>2010</CODE>
    <TEXT>You are not allowed to download the KnowledgeBase, please contact your sales representative for more information.</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>
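
Added example, not part of the thread and not Cisco or Qualys code: a Python triage sketch for the two artifacts quoted above. It lists the VaInfo requests that carry a `vendorInstance`, the timestamps at which the poller reported no adapter instance, and the code and text of a SIMPLE_RETURN body. The function names are hypothetical and the sample input is copied from the lines posted in this thread.

```python
import json
import re
import xml.etree.ElementTree as ET

# Sample input: lines copied from the thread's vaservice.log excerpt and API reply.
SAMPLE_LOG = """
2017-01-18 08:13:54,956 DEBUG  [SimpleAsyncTaskExecutor-1][] cpm.va.service.processor.AdminMessageListener -:::::- Got VaInfo message: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","ondemandScanInterval":"48","isPeriodicScanEnabled":false,"periodicScanEnabledString":"0","vendorInstance":"a129ec20-6cd2-46b6-8560-0682d816f93a","psnHostName":"ise-pan","heartBeatTime":0,"lastScanTime":0}
2017-01-18 08:13:55,197 INFO   [endpointPollerScheduler-5][] cpm.va.service.processor.EndpointPoller -:::::- VA: EndpointPoller, Size of endpoints sent to adapter 1
2017-01-18 08:13:55,197 DEBUG  [endpointPollerScheduler-5][] cpm.va.service.processor.EndpointPoller -:::::- VA: EndpointPoller, no adapter instance available
"""
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.eu/api/2.0/simple_return.dtd">
<SIMPLE_RETURN><RESPONSE><DATETIME>2017-02-04T08:20:29Z</DATETIME><CODE>2010</CODE>
<TEXT>You are not allowed to download the KnowledgeBase, please contact your sales representative for more information.</TEXT>
</RESPONSE></SIMPLE_RETURN>"""

# timestamp, level, [thread][], component, then the message after "-:::::-"
LOG_RE = re.compile(r"^(\S+ \S+) (\w+)\s+\[[^\]]*\]\[\] (\S+) -:::::- (.*)$")

def triage_vaservice(log_text):
    """Return (vendor-bound requests, timestamps of 'no adapter instance')."""
    requests, no_adapter = [], []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # blank or wrapped line
        ts, _level, _component, msg = m.groups()
        if msg.startswith("Got VaInfo message: "):
            info = json.loads(msg.split(": ", 1)[1])
            if "vendorInstance" in info:  # request tied to a configured vendor
                requests.append((ts, info.get("macAddress"), info["vendorInstance"]))
        elif "no adapter instance available" in msg:
            no_adapter.append(ts)
    return requests, no_adapter

def parse_simple_return(xml_text):
    """Extract (code, text) from a SIMPLE_RETURN body taken from a capture."""
    if "<!ENTITY" in xml_text:            # captured data: refuse entity declarations
        raise ValueError("entity declarations are not accepted")
    resp = ET.fromstring(xml_text.strip().encode("utf-8")).find("RESPONSE")
    if resp is None:
        raise ValueError("no RESPONSE element")
    code = resp.findtext("CODE")
    return (int(code) if code else None, resp.findtext("TEXT"))

if __name__ == "__main__":
    print(triage_vaservice(SAMPLE_LOG))
    print(parse_simple_return(SAMPLE_RESPONSE))
```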