cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11551
Views
22
Helpful
20
Replies

AMPEnalber Waiting for Configuration

Daryl Clark
Level 1
Level 1

We are attempting to deploy AMP via the AMP Enabler module for AnyConnect. We are using the latest version (4.4.03034) of both the software and profile editor. The AMP Enabler XML profile has been created and copied to the C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AMPEnabler directory. However, the AMP Enabler module in AnyConnect says "Waiting for configuration..." Any idea why this is not working?

1 Accepted Solution

Accepted Solutions

I think I see the problem. The documentation isn't clear on this but the profile needs to have a specific name to be recognized by the installer. Any other file name is silently ignored. NAM has a simialr characteristic.

I have AMP4E installed manually. So to test, I added the AMP Enabler module to my AnyConnect, created a dummy profile using the desktop Profile Editor and added it to the folder you mentioned. I got the same results as you did.

So I created a DART diagnostic bundle (selecting a Custom bundle with only the AMP bits). Looking in the bundle I saw a log entry thus:

No file found with path matching:
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AMPEnabler\AMPEnabler_ServiceProfile.xml

I renamed my profile "AMPEnabler_ServiceProfile.xml" and restarted the AnyConnect Secure Mobility Agent service and then launced the GUI.

Voila I got the following (message ends on that after first trying and failing to get a package from the dummy address I entered):

Cisco doesn't appear to have documented this fact anywhere. I submitted feedback to this document:

http://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/200284-Installation-and-Configuration-of-AMP-Mo.html

...suggesting they add a section there and update the Admin Guide as well.

View solution in original post

20 Replies 20

Marvin Rhoads
Hall of Fame
Hall of Fame

Have you restarted the AnyConnect client after updating the profile?

Multiple times, along with the PC.

I think I see the problem. The documentation isn't clear on this but the profile needs to have a specific name to be recognized by the installer. Any other file name is silently ignored. NAM has a simialr characteristic.

I have AMP4E installed manually. So to test, I added the AMP Enabler module to my AnyConnect, created a dummy profile using the desktop Profile Editor and added it to the folder you mentioned. I got the same results as you did.

So I created a DART diagnostic bundle (selecting a Custom bundle with only the AMP bits). Looking in the bundle I saw a log entry thus:

No file found with path matching:
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\AMPEnabler\AMPEnabler_ServiceProfile.xml

I renamed my profile "AMPEnabler_ServiceProfile.xml" and restarted the AnyConnect Secure Mobility Agent service and then launced the GUI.

Voila I got the following (message ends on that after first trying and failing to get a package from the dummy address I entered):

Cisco doesn't appear to have documented this fact anywhere. I submitted feedback to this document:

http://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/200284-Installation-and-Configuration-of-AMP-Mo.html

...suggesting they add a section there and update the Admin Guide as well.

That did it! thank you so much and appreciate submitting feedback for updating the documentation.

You're welcome - thanks for rating.

It was a mutual learning process. I didn't know about that filename requirement myself until I dug into the log file.

Hi,

 

The edit option is not showing under the AMP Enabler Profile on the AnyConnect Profile window.

 

Thanks,

Ramesh

You cannot edit the profile from AnyConnect. 

 

You need to use either a text editor (like Notepad++) or the AnyConnect Profile Editor.

 

Hi Marvin, I am trying to push the AMP for Endpoints and its profile via the AnyConnect Secure Mobility Client. I am using the Cisco Document https://www.cisco.com/c/en/us/support/docs/security/advanced-malware-protection-endpoints/200284-Installation-and-Configuration-of-AMP-Mo.html While i am trying the step1 i am getting that error as attached. The profile to be created in the .xml format or in the .asp format. Further if in case you have got the success using automatic push please provide the working steps as simple docs. Thanks, Ramesh

I just went through the steps outlined in the document you shared and it worked as intended. Can you tell us what ASDM version you are using? I used 7.8(2.1).

 

In my case I chose the uninstall AMP enabler option just so I could work it through to completion. The filename for the profile on ASA is amp.asp as the wizard autofills for you.

 

Here is my directory before and after completing the wizard including the file contents:

 

asav# dir

Directory of disk0:/

26 drwx 4096 23:44:55 Aug 21 2017 smart-log
23 drwx 4096 23:43:56 Aug 21 2017 log
60 drwx 4096 23:45:00 Aug 21 2017 coredumpinfo
68 -rwx 30691264 00:08:08 Aug 22 2017 anyconnect-win-4.5.00058-webdeploy-k9.pkg
70 -rwx 26970456 15:28:31 Sep 08 2017 asdm-782(1).bin
71 -rwx 2540 16:57:28 Sep 13 2017 profile_ccielab.xml
72 -rwx 8399 20:28:01 Oct 13 2017 rdp-plugin.120424.jar

8571076608 bytes total (8491442176 bytes free)

asav# dir

Directory of disk0:/

26 drwx 4096 23:44:55 Aug 21 2017 smart-log
23 drwx 4096 23:43:56 Aug 21 2017 log
60 drwx 4096 23:45:00 Aug 21 2017 coredumpinfo
68 -rwx 30691264 00:08:08 Aug 22 2017 anyconnect-win-4.5.00058-webdeploy-k9.pkg
70 -rwx 26970456 15:28:31 Sep 08 2017 asdm-782(1).bin
71 -rwx 2540 16:57:28 Sep 13 2017 profile_ccielab.xml
72 -rwx 8399 20:28:01 Oct 13 2017 rdp-plugin.120424.jar
73 -rwx 237 19:57:35 Oct 30 2017 amp.asp

8571076608 bytes total (8491438080 bytes free)

asav# more disk0:/amp.asp
<?xml version="1.0" encoding="UTF-8"?>
<FAProfile xsi:noNamespaceSchemaLocation="FAProfile.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<FAConfiguration>
<Uninstall>
</Uninstall>
</FAConfiguration>
</FAProfile>

asav#

Hi Marvin,

 

I am using the ASDM version 7.6(2) and the ASA version is 9.6(2)1 and its hosted in the AWS Cloud and the Java version i am using is 1.8.0_144

 

Please find the image for your reference.

 

Thanks,

Ramesh

I don't see any document resolved bugs in the later version of ASDM that I am using but there may be internal ones. 

 

If you can try with the newer ASDM I'd recommend that. If not, you might have to open a TAC case to resolve it.

Hi Marvin,

 

Ok let me try that and post you back.

 

Thanks,

Ramesh

Hi Marvin,

Even upgrading to ASDM version 7.8.2 didnt helps. Can you please share me the Java version you guys are using. If that not helping, i will take it TAC for further troubleshooting.

 

Thanks,

Ramesh

Hi Marvin,

 

I found the issue where i am facing, which is the permission issue on ASDM where the privilege i was trying is with 2 and when i changed the privilege to 15 i can able to edit the profile straight from the ASDM.

 

Thanks for your kind support.

 

Thanks,

Ramesh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: