Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7136
Views
0
Helpful
7
Replies

ISE Posture Status Pending

Waheed Bahaduri
Level 1
Level 1

‎11-13-2013 04:24 AM - edited ‎03-10-2019 09:05 PM

Hello,

I am newly configuring and testing  Posturing/Client Provissioning on ISE.  I configured Client_Provissioning Policy without any Posture_Policy just to test it works or not.

My Wireless client can authenticate and get and install NAC_Agent successfully,  but after that no network access is given to the client pc. 

on the ISE Authentication Reports it shows ( Posture Status Pending )

and on the Wireless client everytime when i open browser i get this message " Cisco Agent was detected and is running. If you are still unable to access the network please contact you administrator"

I dont know what is the issue, plz help

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Ravi Singh
Level 7
Level 7

‎11-14-2013 10:11 AM

Please try to remove and re-apply the posture policies.

0 Helpful

Waheed Bahaduri
Level 1
Level 1
In response to Ravi Singh

‎11-14-2013 10:38 AM

Hi Ravi,

I have not yet configured any Posture policies.  i have configured only client-provissioning policy, i want to first test client-provissioning works properly before applying any Posture-Policy.

So My wireless clients are correctly redirected and recieve NAC Agent, but afterthat it seems that the NAC_Agent does not do anything and does not send any report back to ise for further processings.

on the ise Authentication Report i can see, the client is stuck in UKNOWN-STATUS , and shows Posture_Status Pending...

it does not go to Uncompliant or Compliant Status.

I dont know what can be the issue? neither ISE shows me the error , nor the WLC.

0 Helpful

Venkatesh Attuluri
Cisco Employee
Cisco Employee
In response to Waheed Bahaduri

‎11-15-2013 07:04 AM

If no matching posture policy is defined for an endpoint, then the posture compliance status of the endpoint may be set to unknown

0 Helpful

Saurav Lodh
Level 7
Level 7

‎11-14-2013 06:37 PM

You must ensure that the latest Windows hotfixes and patches are installed on Windows XP clients so that NAC Agents can establish a secure and encrypted communication with the Cisco ISE server (SSL over TCP).

0 Helpful

Waheed Bahaduri
Level 1
Level 1
In response to Saurav Lodh

‎11-14-2013 10:37 PM

I am using windows 8  as cilent, and it has all the updates and hotfixes.

Can anyone send me a link for configuring Posture-assessment&Client-Provissioning using ISE 1.2 and WLC as NAD ?

I found many links on the web but all of them show Wired-switch configured as NAD,  and using ise 1.1

0 Helpful

Kabir Ibrahim
Level 1
Level 1
In response to Saurav Lodh

‎11-25-2013 06:43 AM

Do you have authrization policies for compliant users?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents