Solved: Re: Network Setup Assitant couldn't connect to the server

Moses Kihoro · ‎05-03-2018

Hi All,

Please am having a problem where by the network setup assistant couldn't connect to the server, So it can't download the Anyconnect installation files from I.S.E server. Have configure the Anyconnect Configuration and associated it with a Client provisioning policy.

Attached below image and logs from Network Setup Assistant. Please help.

Moses Kihoro · ‎09-03-2018

Hi All,

Thanks alot for the ideas, I fixed the issue. The error was as a result of a windows 7 patch. I updated the security KBs an everything worked as expected.

View solution in original post

Moses Kihoro · ‎09-28-2018

Hi Sajid,

For my lab was using win 7 professional with service park 1. Just make sure your win 7 environment is up to date. for the KB follow the below article https://community.cisco.com/t5/vpn-and-anyconnect/ise-posture-module-is-not-installed-during-posture-provision/td-p/3512829.

View solution in original post

Aravind Ravichandran · ‎05-03-2018

Hi Moses,
Please let me know whether endpoint is connected which type of NAD device like switch or WLC,
Also can you let me know,whether proxy is configured or not.if yes please mention the proxy port.

-Aravind

Moses Kihoro · ‎05-04-2018

The endpoint is a laptop connected to 2960S switch. No proxy connection at
the switch, but users use proxy connection once they are allowed in the
network.

RichardAtkin · ‎05-04-2018

What ACL / FW rules are in place between the Client and the ISE? We need to be sure they aren't blocking traffic... Can you paste up here so we can check?

Moses Kihoro · ‎05-04-2018

Hi,

The Acl between the client and ISE is here below:

Extended IP access list ACL_DEFAULT
    10 permit udp any eq bootpc any eq bootps
    20 permit udp any any eq domain
    30 permit tcp any any eq domain
    40 permit icmp any any
    50 permit udp any any eq tftp
    60 permit ip any host 192.168.37.28
    70 deny ip any any log (3468 matches)

My Downloadable ACL,

permit udp any eq bootpc any eq bootps
permit udp any any eq 53
permit ip any host 192.168.37.28
deny ip any any log

Redirect ACL,

Extended IP access list ACL_REDIRECT
    10 deny udp any eq bootpc any eq bootps
    20 deny udp any any eq domain
    30 deny ip any host 192.168.37.28
    40 permit ip any any (223866 matches)

There is no firewall in between. The Redirection is working fine the only problem is when NSA tries to download the anyconnect.

Aravind Ravichandran · ‎05-04-2018

Please provide me the Proxy settings from the endpoint.

-Aravind

RichardAtkin · ‎05-04-2018

Have you definitely got the webdeploy version of the agent in ISE, and configured / referenced it in the right part of the ISE's config?

Moses Kihoro · ‎05-04-2018

proxy details from client side is:

X.X.X.X:3128

Aravind Ravichandran · ‎05-04-2018

Please disable the proxy on the endpoint & try client provisioning.

-Aravind

Moses Kihoro · ‎05-04-2018

Hi,

I did so and still got on to the same error. Could it be the webdeploy version am using?

Moses Kihoro · ‎05-04-2018

Hi,

Below are the images of anyconnect resouces:

Anyconnect Configuration profile

Aravind Ravichandran · ‎05-04-2018

Please try to use latest compliance module.
If possible provide me the screenshot of client provisioning policy.

-Aravind

Stuart C · ‎06-22-2018

Hi,

Was this ever fixed?

Thanks

Moses Kihoro · ‎09-03-2018

Hi All,

Thanks alot for the ideas, I fixed the issue. The error was as a result of a windows 7 patch. I updated the security KBs an everything worked as expected.

sajid231088 · ‎09-28-2018

Hi Moses,
I am having a same issue and this is happening only with Win 7, Could you please let me know what security KBs need to update.

thankls in advance.