Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Clean Access Failure Detail

We have a machine that fails our Clean Access rules, but the description on the agent itself is simple: "Windows", "Notify before download". Where on the CAM (4.3) or CAS can I find details regarding the exact rule that was not met.

3 REPLIES
New Member

Re: Clean Access Failure Detail

Agent checks the rules one by one in the order that you spesified at your CAM.

So have a look at your CAM's menu Device Management > Clean Access > Clean Access Agent > Role Requirement

Here you can see the rules that the client software must meet.

Looking at the rules name/description you can find out where the problem is.

Or you can use Reports submenu (Management > Clean Access > Clean Access Agent).

New Member

Re: Clean Access Failure Detail

Here is the report from a machine that fails:

windows (Mandatory)

Passed Checks:

pc_Windows-XP-SP2

pc_HotFix908519_XP

pc_HotFix904706_XP

pc_KB908531_MS06-015_XP

pc_KB932168_MS07-020_XP

pc_KB920683_MS06-041_XP

pc_KB914388_MS06-036_XP

pc_KB935840_MS07-031_XP

pc_KB930178_MS07-021_XP

pc_HotFix901214_XP

pc_IE7_0

pc_KB935839_MS07-035_XP

pc_KB925902_MS07-017_XP

pc_KB928843_MS07-008_XP_SP2

pc_HotFix896358_XP

pc_KB931261_MS07-019_XP

pc_KB920213_MS06-068_XP_SP2

Failed Checks:

pc_Windows-XP-SP1, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]

pc_KB929969_MS07-004_XP_SP2_IE7, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP0\KB929969\Filelist\ exists ]

pc_IE6_0, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version starts with 6.0]

There are two checks that may conflict:

1.pc_Windows-XP-SP2

2.pc_Windows-XP-SP1

pc_Windows-XP-SP2 = [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 2]

pc_Windows-XP-SP1 = [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]

The actual string data is "Service Pack 2"

It passes pc_Windows-XP-SP2

It fails pc_Windows-XP-SP1

Is this just the case of bad rules? I mean the pass/fail result make senses to me, because based on the keys it fails under one condition and passes under the other. The rules were here before I came onboard, and I am not familiar with Clean Access. I would assume the rules are in conflict and we need to decide which we want to enforce? Is there anyway to have the system not enfore the "SP1 rule" if the "SP2 rule" has been met, such as nesting them?

New Member

Re: Clean Access Failure Detail

hi, Kellyrudnick.

Your checks may differ and even conflict. It's ok.

Try to creat a Rule. And in the Rule Expression type smth like

(pc_Windows-XP-SP2) | (pc_Windows-XP-SP1)

This statement means check "pc_Windows-XP-SP2"

OR "pc_Windows-XP-SP1".

Think this will help you

137
Views
0
Helpful
3
Replies
CreatePlease to create content