lnemec
Enthusiast

Troubleshooting ISE 2.1 Threat-Centric NAC (TC-NAC) with Qualys

Hi,

I have integrated and set up ISE 2.1 Threat-Centric NAC (TC-NAC) with Qualys, but the scan request from ISE does not work.

In debug logs I can see: no adapter instance available.




vaservice.log:

2017-01-18 08:13:51,914 DEBUG  [SimpleAsyncTaskExecutor-1][] cpm.va.service.processor.AdminMessageListener -:::::- Got VaInfo message: {"operationType":2,"isPeriodicScanEnabled":false,"heartBeatTime":1484727228357,"lastScanTime":0}

2017-01-18 08:13:54,956 DEBUG  [SimpleAsyncTaskExecutor-1][] cpm.va.service.processor.AdminMessageListener -:::::- Got VaInfo message: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","ondemandScanInterval":"48","isPeriodicScanEnabled":false,"periodicScanEnabledString":"0","vendorInstance":"a129ec20-6cd2-46b6-8560-0682d816f93a","psnHostName":"ise-pan","heartBeatTime":0,"lastScanTime":0}

2017-01-18 08:13:54,959 DEBUG  [SimpleAsyncTaskExecutor-1][] cpm.va.service.processor.AdminMessageListener -:::::- Got VaInfo message: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}

2017-01-18 08:13:55,197 INFO   [endpointPollerScheduler-5][] cpm.va.service.processor.EndpointPoller -:::::- VA: EndpointPoller, Size of endpoints sent to adapter 1

2017-01-18 08:13:55,197 DEBUG  [endpointPollerScheduler-5][] cpm.va.service.processor.EndpointPoller -:::::- VA: EndpointPoller, no adapter instance available

varuntime.log:

2017-01-18 09:13:54,951 DEBUG  [Thread-86][] va.runtime.admin.mnt.EndpointFileReader -:::::- VA: Read va runtime. [{"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}, {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","ondemandScanInterval":"48","isPeriodicScanEnabled":false,"periodicScanEnabledString":"0","vendorInstance":"a129ec20-6cd2-46b6-8560-0682d816f93a","psnHostName":"ise-pan","heartBeatTime":0,"lastScanTime":0}, {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}]

2017-01-18 09:13:54,952 DEBUG  [Thread-86][] va.runtime.admin.vaservice.VaServiceRemotingHandler -:::::- VA: received data from Mnt: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","ondemandScanInterval":"48","isPeriodicScanEnabled":false,"periodicScanEnabledString":"0","vendorInstance":"a129ec20-6cd2-46b6-8560-0682d816f93a","psnHostName":"ise-pan","heartBeatTime":0,"lastScanTime":0}

2017-01-18 09:13:54,955 DEBUG  [Thread-86][] va.runtime.admin.vaservice.VaServiceRemotingHandler -:::::- VA: received data from Mnt: {"operationType":1,"macAddress":"00:13:3B:9B:BB:7C","ipAddress":"10.10.30.20","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}

2017-01-18 09:14:00,958 DEBUG  [Thread-86][] cpm.va.runtime.util.SequencedFileLineReadWriter -:::::- VA: Reading filename : /opt/CSCOcpm/temp/va/vabuffer_0176.txt

2017-01-18 09:14:00,958 DEBUG  [Thread-86][] va.runtime.admin.mnt.EndpointFileReader -:::::- VA: Read va runtime. [{"operationType":2,"isPeriodicScanEnabled":false,"heartBeatTime":1484727238357,"lastScanTime":0}, {"operationType":0,"macAddress":"18:A6:F7:12:B3:EA","isPeriodicScanEnabled":false,"heartBeatTime":0,"lastScanTime":0}]

2017-01-18 09:14:00,958 DEBUG  [Thread-86][] va.runtime.admin.vaservice.VaServiceRemotingHandler -:::::- VA: received data from Mnt: {"operationType":2,"isPeriodicScanEnabled":false,"heartBeatTime":1484727238357,"lastScanTime":0}

2017-01-18 09:14:09,964 DEBUG  [Thread-86][] cpm.va.runtime.util.SequencedFileLineReadWriter -:::::- VA: Reading filename : /opt/CSCOcpm/temp/va/vabuffer_0177.txt

In the Cisco ISE GUI I can see the VA instance is Connected and Active - Knowledge base download in-progress (same status for a long time).

Do you have any idea what the issue can be?

Thanks, Laco.

2 REPLIES
hslai
Cisco Employee

You are correct that the KB download needs to finish first before a good scan may take place. One possible reason for the KB download taking a long time is that Qualys is not responding to the requests from your ISE due to some limits on your account or the like. Please navigate to Operations > Reports > ISE Reports > Threat Centric NAC, select [ Vulnerability Assessment ] and run it. Hopefully, that would give some indication of the problem.

If possible, please open a TAC case. If not, then please generate a support bundle and check the debug log from the QualysAdapter container.

Thanks. I have decrypted the SSL communication, so it is clear that I am using only a Qualys demo account with a restriction for the KnowledgeBase:

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.eu/api/2.0/simple_return.dtd">
<SIMPLE_RETURN>
  <RESPONSE>
    <DATETIME>2017-02-04T08:20:29Z</DATETIME>
    <CODE>2010</CODE>
    <TEXT>You are not allowed to download the KnowledgeBase, please contact your sales representative for more information.</TEXT>
  </RESPONSE>
</SIMPLE_RETURN>
