Hi,
Any suggestions for SCEP for Mac fails Cisco AnyConnect posture check?
SCEP for Mac passes all AnyConnect checks except "activescan".
It is a standalone SCEP installation, not managed by ConfigMgr. AnyConnect log
below.
Thanks,
Tim
DAP_TRACE: aaa["cisco"]["grouppolicy"] = "GroupPolicy-VPN-IT"
DAP_TRACE: aaa["cisco"]["username"] = "itsdtk"
DAP_TRACE: aaa["cisco"]["username1"] = "itsdtk"
DAP_TRACE: aaa["cisco"]["username2"] = "itsdtk"
DAP_TRACE: aaa["cisco"]["tunnelgroup"] = "IT"
DAP_TRACE: aaa["cisco"]["sceprequired"] = "false"
DAP_TRACE: endpoint["application"]["clienttype"] = "AnyConnect"
DAP_TRACE: endpoint.os.version = "Mac OS X"
DAP_TRACE: endpoint.os.servicepack = "10.10.4"
DAP_TRACE: endpoint.os.architecture = "x64"
DAP_TRACE: endpoint.policy.location = "Default"
DAP_TRACE: endpoint.device.protection = "none"
DAP_TRACE: endpoint.device.protection_version = "3.1.08009"
DAP_TRACE: endpoint.device.hostname = "APL-SD25GF12DDHJW.local"
DAP_TRACE: endpoint.device.port["60808"] = "true"
DAP_TRACE: endpoint.device.port["29754"] = "true"
DAP_TRACE: endpoint.device.port["88"] = "true"
DAP_TRACE: endpoint.device.port["631"] = "true"
DAP_TRACE: endpoint.device.port["5900"] = "true"
DAP_TRACE: endpoint.device.tcp4port["60808"] = "true"
DAP_TRACE: endpoint.device.tcp4port["29754"] = "true"
DAP_TRACE: endpoint.device.tcp4port["88"] = "true"
DAP_TRACE: endpoint.device.tcp4port["631"] = "true"
DAP_TRACE: endpoint.device.tcp4port["5900"] = "true"
DAP_TRACE: endpoint.device.tcp6port["88"] = "true"
DAP_TRACE: endpoint.device.tcp6port["631"] = "true"
DAP_TRACE: endpoint.device.tcp6port["5900"] = "true"
DAP_TRACE: endpoint.device.MAC["c82a.145b.7f47"] = "true"
DAP_TRACE: endpoint.device.MAC["e4ce.8f62.5488"] = "true"
DAP_TRACE: endpoint.device.MAC["d200.1de3.2840"] = "true"
DAP_TRACE: endpoint.device.MAC["d200.1de3.2841"] = "true"
DAP_TRACE: endpoint.device.MAC["06ce.8f62.5488"] = "true"
DAP_TRACE: endpoint.device.MAC["ca2a.14b5.b000"] = "true"
DAP_TRACE: endpoint.device.id = "D25GF12DDHJW"
DAP_TRACE: endpoint.device.protection_extension = "3.6.10013.2"
DAP_TRACE: endpoint.fw["AppleFW"] = {}
DAP_TRACE: endpoint.fw["AppleFW"].exists = "true"
DAP_TRACE: endpoint.fw["AppleFW"].description = "Mac OS X Builtin Firewall
(Mac)"
DAP_TRACE: endpoint.fw["AppleFW"].version = "10.10.4"
DAP_TRACE: endpoint.fw["AppleFW"].enabled = "ok"
DAP_TRACE: endpoint.fw["FreeBSDFW"] = {}
DAP_TRACE: endpoint.fw["FreeBSDFW"].exists = "true"
DAP_TRACE: endpoint.fw["FreeBSDFW"].description = "ipfw (Mac)"
DAP_TRACE: endpoint.fw["FreeBSDFW"].version = "0"
DAP_TRACE: endpoint.fw["FreeBSDFW"].enabled = "ok"
DAP_TRACE: endpoint.av["MicrosoftAV"] = {}
DAP_TRACE: endpoint.av["MicrosoftAV"].exists = "true"
DAP_TRACE: endpoint.av["MicrosoftAV"].description = "System Center Endpoint
Protection for Mac (Mac)"
DAP_TRACE: endpoint.av["MicrosoftAV"].version = "4.5.18"
DAP_TRACE: endpoint.av["MicrosoftAV"].activescan = "failed"
DAP_TRACE: endpoint.av["MicrosoftAV"].lastupdate = "39341"
DAP_TRACE: endpoint.av["MicrosoftAV"].timestamp = "1433908800"
DAP_TRACE: endpoint.anyconnect.clientversion = "3.1.08009"
DAP_TRACE: endpoint.anyconnect.platform = "mac-intel"
DAP_TRACE: endpoint.anyconnect.devicetype = "iMac12,2"
DAP_TRACE: endpoint.anyconnect.platformversion = "10.10.4"
DAP_TRACE: endpoint.anyconnect.deviceuniqueid =
"5E7694550ACC6A829F77D8C756C764CE3371AE1AC16825C5831496ED802F5892"
DAP_TRACE: Username: itsdtk, Selected DAPs:
DAP_TRACE: dap_process_selected_daps: selected 0 records
DAP_TRACE: Username: itsdtk, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: itsdtk, dap_concat_fcn: [Your PC failed the Posture check
that is required to access GDOL's VPN solution. Your PC must be using the
following - Windows Based Operating System (Windows 7 and above or MAC OS X) -
Personal Firewall - Active Anti-Virus software that has been updated within
the last 10 days. Please fix these items and try again later. If you need
additional help please contact the Solution Center.] 390 490
DAP_TRACE: Username: itsdtk, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: itsdtk, DAP_close: 7A1EA508
**********************************************************************************************
GDOL CONFIDENTIALITY NOTICE: This transmission may contain confidential
information protected by state or federal law. The information is intended
only for use consistent with the state business discussed in this transmission.
If you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or the taking of any action based on the
contents is strictly prohibited. If you have received this transmission in
error, please delete this email and notify the sender immediately. Your
cooperation is appreciated.
**********************************************************************************************
