OnGuard auto-remediation is not working.
Auto-remediation was configured in the OnGuard posture policies for Windows clients, as shown below, to disable all interfaces except Wired/Ethernet.
A Windows machine was then connected to the network through both the wired and wireless interfaces. The agent detected the wireless interface and marked the client as Unhealthy.
However, the agent failed to disable the wireless interface as the auto-remediation process should have done, and instead asked the user to remediate manually by disabling/disconnecting the other interfaces.
The ClearPass server has two auto-remediation flags, both of which need to be enabled for auto-remediation to work.
- Global Remediation Flag - This flag is present in the service configuration and manages auto-remediation for all the health classes mapped in Services >> Posture.
- Health Class Level Remediation Flag - This flag is set in the Posture Policies (it is already enabled in this case).
The Global Remediation Flag should be enabled in the service configuration as shown below. If this flag is not enabled, the OnGuard agent will not perform auto-remediation and will prompt the user to take manual action.