Machine Profiling Fails

kknuckles
Level 1

I have a high amount of failed profiling attempts on the machine side of things. Some machines get profiled with no problems and then others fail. I have to manually change their type to Workstation.

The rule I have in place shows:

(Workstation OR Cisco-IP-Phone) AND (Wireless_802.1X AND AD1:ExternalGroups EQUALS ADDOMAIN/User Accounts/All Employees )

The workstation portion of the rule includes getting the information from the user agent string. For example, it includes the built-in workstation rule for Windows 7 based machines. That rule scans the User-Agent string for Windows NT 6.1. If I take a machine that has failed profiling, and connect it to a wired connection (not profiled through ISE) and then go to whatsmyuseragent.com it will show me Windows NT 6.1. If I put that machine back on the wireless network it should join, ISE fails to profile it.

I'm trying to figure out why ISE won't properly profile the machines. Any thoughts?                 

2 Replies 2

nspasov
Cisco Employee

What profiling sensors do you have enabled?

Venkatesh Attuluri
Cisco Employee

Verify switch configuration for those network segments where endpoints are not being appropriately profiled to ensure that:

• The required information to profile the endpoint is being sent to Cisco ISE for it to profile.

• Probes are configured on the network Policy Service ISE node entities.

• Verify that packets are received at the Cisco ISE profiler module by running the tcpdump function at Operations > Troubleshoot > Diagnostic Tools > General Tools > Tcpdump.

Note: If you are observing this issue with endpoints on a WAN collected by HTTP, Netflow, and NMAP, ensure that the endpoint IP address has been updated with a RADIUS/DHCP Probe before other attributes are updated using the above probes.

There could be an SNMP configuration issue on Cisco ISE, the switch, or both.

• The profile is likely not configured correctly, or contains the MAC address of the endpoint already.

Resolution:

• Verify the SNMP version configuration on both Cisco ISE and the switch for SNMP trap and SNMP server settings.

• The Profiler profile needs to be updated. Navigate to Administration > Identity Management > Identities > Endpoints, select the endpoint by MAC address and click Edit.