Symptom
You have an endpoint performing posture. Anyconnect might show the enpdoint is compliant but on ISE the status remains as unknown.
Conditions
Multiple attempts doing posture flow or periodically endpoint devices get stuck in the posture uncompliant state.
set LSD component to TRACE level. Reproduce the issue and then
use command:
show logging app lsd.log | i "Empty"
you can see:
java.lang.IllegalArgumentException: Empty SessionKey value
at com.cisco.cpm.lsd.service.SessionKey.buildSessionKey(SessionKey.java:18)
at com.cisco.cpm.lsd.service.SessionDirectory.findSessionByMAC(SessionDirectory.java:93)
Workaround
Bounce the network on EP.
Further Problem Description
