ISE Posture Status Pending

Similar Messages

• Ise posture status notapplicable

  Hello ,
           after upgrading ISE 1.2 to 1.2.1 , I can't see posture status (pending) although it is working properly. I tried to install patch 1 but the same result.
  before upgrading , posture status was Pending when posture status still not reach to ISE.

  I have same problem too.
  When workstation install NacAgent 4.9.4.3 successfully, then the posture will be stucked.
  I didn't see about NAC Agent on report: "Posture Detailed Assessment" and "Client Provisioning"
  Any help or advice please ? Should I configure the redirect ACL, dACL, switch ACL, or something like that ?

• [ISE] Posture Status - Not applicable

  Hi,
  I configured WiFi Guest Access with WLC and ISE and it works great.
  Now I want to check client posture.
  I configured a posture policy
  On Windows7 client, I installed NAC client. With network sniffer, I can see SWISS protocol (TCP 8905) between client and ISE.
  In authentications log, Posture Status is always "NotApplicable"
  Why is this posture not applicable?
  Thanks a lot!
  Patrick

  Hello Tarik,
  Result NonCompliant: http://uploaddeimagens.com.br/imagens/result_noncompliant-jpg
  Posture rule: http://uploaddeimagens.com.br/imagens/posture_rule-jpg
  The client provisioning is set to force NAC Agent version 4.9.0.47
  Yes, the vlan is correct.
  The major problem is the NotApplicable ststus in the posture log, the ISE is not applying the posture, some times works fine, some times dont work and appear the NotApplicable in the log.

• Posture Status for Smartphones - Android - Pending

  I am trying to pass smartphones through our ISE infrastructure.  I have Windows working properly, it assigns a certificate, joins to the employee network, installs the NAC client, and requires remediation action.
  When an Android phone (haven't tried iOS yet) tries to connect it receives a certificate, is profiled as Android, and then gets stuck in posture status pending.
  I have attached a screenshot.
  Thanks.

  I was thinking - would reducing it to Registered Device (only registered devices would authenticate with 802.1x anyway) and SessionOS equals Android be vague enough to catch it and not allow it to pass?
  Endpoint Id
  C8:AA:21:02:16:75
  Endpoint Profile
  Android
  IP Address
  Identity Store
  Identity Group
  RegisteredDevices
  Audit Session Id
  ac1e10450000120e52056988
  Authentication Method
  dot1x
  Authentication Protocol
  EAP-TLS
  This is how one android device is being profiled - I would guess that would allow it if I opened the rule up more?

• Cisco ISE - Posturing of a Linux Endpoint - Is it possible?

  We have a customer who wants to implement Cisco ISE and one of their requests is to posture Linux endpoints in addition to Windows endpoints.
  They have a set of system checks that they perform on Linux machines (catered towards RedHat) which they would like to be performed by ISE.
  From what I know prior to researching for this request was that the NAC agent is only compatible with endpoints running Windows or Mac OSX.
  Digging around, Linux endpoints are postured with a 'default-posture' status and thus an accompanying authorization profile must be set for 'default-posture'. I can't seem to find how to perform file checks, service checks, etc. on a Linux endpoint. Are these type of checks possible with Cisco ISE posture assessment on a Linux endpoint?
  One item that I found is to use the Host Scan package within the AnyConnect Posture module on a Linux endpoint.
  I see this as defeating the purpose of centralizing posturing on the ISE since the AnyConnect and ASA will be doing the posture checking.
  Any thoughts? Thanks in advance.

  Hello Alberto, posture assessment is not yet supported with ISE/AnyConnect. For more info check out the posture section in the ISE 1.3 Admin Guide:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html
  Thank you for rating helpful posts!

• ISE Posture for non-agent device problem

  I have a couple of questions:
  - They said it the documents: "these (non-agent) devices assume the Default Posture Status settings". I wonder how ISE determines that a device is a non-agent device, or to put it another way, when is the Default Posture Status settings applied to a device? Is it after some period of time not receiving anything from the agent? If yes, can and where do I change that time in ISE?
  - I tested this with my lab and saw that: after the user successfully login with his account, and the Authorization profile with Client provisioning is applied to that session, the user goes to a web page and gets redirect to the CPP page. Now if he just sits there and doesn't install the NAC agent, I noticed that after about 40s, the session is automatically restarted to a new one, with a different session ID, but the same username. The new session gets to the point where the same redirect Authorization profile is applied and the whole process cycles over and over. Things I observed each time the session restarts:
  + The user doesn't even have to enter the credentials again. The 802.1x login doesn't popup 
  + The Default Posture status (I set it to Noncompliant) is applied to the session right before it restarts. I can see an event on ISE indicating that. The event also shows the Acct-Terminate-Cause as "Admin Reset"
  + If at any point, the user installs a NAC agent then he can break the cycle (e.g becomes compliant) and carry on with other Authorization profiles
  So my question is: is that expected behavior of ISE? Although it seems no harm except new sessions are created continously
  Or have I configured something wrong?

  Anybody?

• ISE Posture Assessment

  Hi,
  While reading about ISE posture, I got to know that ISE searches” User Agent” attribute for string “NAC Agent” to confirm that NAC agent is present on particular machine.This information is passed to ISE when user opens Web Browser i.e. user gets redirected
  If NAC agent is not present on machine then NAC agent will get downloaded and then Posture assessment starts.
  While testing this on ISE, I noticed that
  If NAC agent is already present on machine then directly posture assessment starts even without opening web browser.
  Now my question is, how ISE does come to know that NAC agent is already present on machine without opening web browser.
  Regards,
  Aditya

  I second Richard on the fact that it can't be done. However, I was going through this and wanted to share in case it helps.
  Default Posture Status
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_pos_pol.html#wp1919363
  Jatin Katyal
  - Do rate helpful posts -

• Order status pending

  Hi,
  I wanted to order Skype number from Sydney-Australia (Number: 0050060) so I selected a number & 3 months payment option (without entering credit card details) and then I came to know that if we get subsciption first then there is some discount on skype number.
  So I first ordered subscription by entering creditcard details, Subscription order was delivered successfully. Then I returned to order skype number...but now its showing order status as pending. I tried again but this time radio button is on 1 month payment option and 3 months option is desabled. I ddin't proceed ahead. But now in my purchase histroy its showing another order with one month paymrnt option and its status as created.
  No amount has got deducted from my skype credit or bank credit card and I have not received the number yet (order 1 with 3 months payment option: status: pending & order 2 with 1 month payment option status: created & at number its showing as reserved for 19 days). 
  Tried to contact customer support but unable to reach and send the details about problem. Continue support request button on skype website is disabled.
  I want to get the number with discount for 3 months, so how can I make payment for it and get the number at the earliest? Experts Please help. Thanks.
  Regards,
  saurabhraste83

  Hi, saurabhraste83, and welcome to the Community,
  These are the types of issues which can be resolved only by Skype Customer Service.  Please try using another web browser different from the one you tried to contact Customer Service with on  your first attempts; many times, this simple suggestion works!
  Kind regards,
  Elaine
  Was your question answered? Please click on the Accept as a Solution link so everyone can quickly find what works! Like a post or want to say, "Thank You" - ?? Click on the Kudos button!
  Trustworthy information: Brian Krebs: 3 Basic Rules for Online Safety and Consumer Reports: Guide to Internet Security Online Safety Tip: Change your passwords often!

• Import Items Request remain in Status Pending Normal For a Long Period

  Hi,
  Import Items Concurrent Requests Remain in Status Pending Normal For a Long Period(30 minutes) Before Running.
  It is actually completing within 10 minutes after pending normal for 30 minutes.
  This problem is happening only with Import Items concurrent request, Other request are running as soon as they started.
  My Application version: 12.1.3
  Database Version:11.1.0.7
  My Standard Manager details Processes=16 Sleep Time=10 Cache=40
  Please correct, If there is need to change Standard Manager configuration...
  Plz reply soon.
  Regards,
  Alig

  Alig,
  Standard Manager is running this request, Import Item program request after the completion, creating Item categories for this it is taking time, that is the reason another import items request is waiting for the Item categories program to be completed.You need to find out why the "Item Categories" takes that long to complete.
  Do you have the statistics up to date?
  Enable trace as per these docs to find out why the request takes that long.
  How to Set a Trace with Bind and Waits from the Concurrent Request Form [ID 601647.1]
  How To Trace a Concurrent Request And Generate TKPROF File [ID 453527.1]
  Thanks,
  Hussein

• Status pending in OEM

  hi,
  i oem grid control i cant access one of the database.in the availability section it shows status pending.what is this error.your kind help is always appreciated.
  thankx in advance....

  Check for the database,listener, agent are up on that server.
  try
  emctl upload
  command upload the data to the server. then check
  emctl status agent
  C:\Documents and Settings\Administrator.EXRAQUES>emctl status agent
  Oracle Enterprise Manager 10g Database Control Release 10.1.0.2.0
  Copyright (c) 1996, 2004 Oracle Corporation. All rights reserved.
  Agent Version : 10.1.0.2.0
  OMS Version : 10.1.0.2.0
  Protocol Version : 10.1.0.2.0
  Agent Home : E:\oracle\product\10.1.0\db_1\Saravanan_orcl
  Agent binaries : E:\oracle\product\10.1.0\db_1
  Agent Process ID : 640
  Agent Process ID : 640
  Agent URL : http://Saravanan:1830/emd/main
  Started at : 2006-12-16 15:59:46
  Started by user : SYSTEM
  Last Reload : 2006-12-16 15:59:46
  Last successful upload : (none)
  Last attempted upload : (none)
  Total Megabytes of XML files uploaded so far : 0.00
  Number of XML files pending upload : 1664 must be near to 0
  Size of XML files pending upload(MB) : 28.42
  Available disk space on upload filesystem : 2.80%
  Agent is Running and Ready
  it must be successfull.

• How to show catalog items with Approval Status:Pending in a Content Search Webpart

  How to show catalog items with Approval Status:Pending in a Content Search Webpart using cross site publishing. Thanks in advance.

  I don't think you're going to be able to. Usually Approval Status is used in conjunction with Major/Minor versioning and while Approval Status is pending the item is usually a draft.
  As a result the search crawler should not be able to see the draft items as it would not have the necessary rights to do so. (Good practice ensures that the Search Crawler has only read access and is not an elevated account for this reason)
  Paul.
  Please ensure that you mark a question as Answered once you receive a satisfactory response. This helps people in future when searching and helps prevent the same questions being asked multiple times.

• Scheduled reports (DeskI) remain in status "Pending" in SP4(FP 4.3)

  Hi,
  I am facing a weird problem with a BO XI R2 cluster installation (2 Windows Servers, one CMS, 2 DeskI Job servers on one node) after installing SP4 + FP 4.3. The users are allowed to schedule DeskI reports they created themselves. The scheduling works out fine at the beginning but at some point overnight the DeskI servers (although empty) completely ignore the fact that there are available jobs for scheduling. This means that the DeskI reports remain in status "Pending". Changing the "maximum number of jobs" setting at the CMC in the DeskI job servers properties tab seems to work like a wake-up call and the scheduling starts again. After a while though (can take up to a day to get there) the job servers start again to ignore the pending jobs.
  Is this a known issue in SP 4? Anyone had similar experiences two?
  Any help/ideas & hints will be highly appreciated.
  Cheers
  Stratos

  Hi Will,
  Quote: "In any case, in normal circumstances, you should not having pending jobs if your number of running numbers is below your max number of jobs setting". Exactly this is what we are expecting but the job server seems to sleep not caring about the actual number of pending jobs und wakes up only if we use a high setting (40) for the maximum number of jobs.
  Have found some references about similar problems for both the Web Intelligence and the Crystal Report Job Servers but not a real solution so far. It may be a problem with the CMS but I am not really sure. Restarting the CMS does not help neither.
  Cheers
  Stratos

• Status pending but DB is up

  Hi all,
  when I go to GRID, it showed that the status of the DB is "status Pending". but when I go to server and check that DB, the database is running.
  1. Why it showed status pending?
  2. how to fix it?
  thanks,

  Try the following:
  1. Stop the agent
  <AGENT_HOME>/bin/emctl stop agent
  2. Clean start the agent:
  2a Delete current upload and state files
  rm -r <AGENT_HOME>/sysman/emd/state/*
  rm -r <AGENT_HOME>/sysman/emd/collection/*
  rm -r <AGENT_HOME>/sysman/emd/upload/*
  rm <AGENT_HOME>/sysman/emd/lastupld.xml
  rm <AGENT_HOME>/sysman/emd/agntstmp.txt
  rm <AGENT_HOME>/sysman/emd/blackouts.xml
  rm <AGENT_HOME>/sysman/emd/protocol.ini
  2b Start the agent
  <AGENT_HOME>/bin/emctl start agent
  2c Issue an agent clearstate from the agent home
  <AGENT_HOME>/bin/emctl clearstate agent
  3. Resecure the agent (if the agent was secured in the first place).
  <AGENT_HOME>/bin/emctl secure agent <registration password>
  4. Force an upload to the OMS
  <AGENT_HOME>/bin/emctl upload
  5. Wait 2 minutes.

• Status Pending on Grid Control

  Hi,
  On the Grid Control -> All Targets Type=Cluster
  I have the "Status Pending" on my target Cluster.
  All the nodes are up as also as all the agents, instances, etc...except the cluster that appears to be "Status Pending".
  I tried to restart all the agents and refreshing the configuration, but the "status pending" remains.
  Anyone has any idea?
  Thanks.
  Best regards,
  José Carlos

  Grid Control server can connect to target database 1521(listener port)?
  Grid Control server -> target database:1521
  Grid Control server -> target database:agent port (3872)
  target database -> Grid Control server: 4889 ; (upload agent file)
  http://download.oracle.com/docs/html/B12013_03/firewalls.htm
  Please check your connect
  After that clear state
  1. Stop the agent on the target node
  emctl stop agent
  2. Delete any pending upload files from the agent home
  cd $AGENT_HOME/<hostname>/sysman/emd/
  rm -r state/*
  rm -r collection/*
  rm -r md/upload/*
  rm lastupld.xml
  rm agntstmp.txt
  rm blackouts.xml
  3. Issue an agent clearstate
  emctl clearstate agent
  4 Start the agent
  emctl start agent
  5. Force an upload to the OMS
  emctl upload agent
  Good Luck

• Status: Pending on Texts Sent

  I have sent a text message and on the message report is says "Status: Pending"  Anyone know what this means?  Did my message go through?  The message was sent a few weeks ago and it still says the same thing.  Thoughts?  I do not want to send anymore message to this number if they are not going through.  Thanks in advance for your help.

  "Pending" implies it has not been sent, but I didn't think they hung around for weeks - I thought it would try for a few days and then mark it as undeliverable....
  Does the number have a block on text messages? Is the phone out of service? Try sending one more...may be they will both go through?