Solved

Device classification unmanaged

  • September 26, 2024
  • 10 replies
  • 482 views

Hi All,

 

My device classification policy matches when all three criteria are met...

There are a lot of users complaining that they can't access ZTNA, so I checked and they're unmanaged...

I fixed it by pushing an update to the client and restarting the service/computer. It's probably not possible to do it every few days for users.

What can be the root cause of users being pulled out of the device classification policy?

 

 

 

Best answer by sshiflett

This topic has been closed for replies.

10 replies

ejang
  • Netskope Employee
  • September 29, 2024

  • Author
  • New Member III
  • October 1, 2024

Sure, 60 min as default, then I changed it to 20 min ... same

How can I troubleshoot Device classification issues on end user?


  • Author
  • New Member III
  • October 13, 2024

What is the correct form of troubleshooting Device classification issues?


  • Netskope Employee
  • Answer
  • October 15, 2024

@maxkor the devices page should include details on when the Device Classification changed similar to:

From there, we can look at the client logs to see which checks are failing. The logs will reflect individual checks and their success or failure with entries similar to:

  • Success:
    • deviceId Disk encryption check: name bitlocker, status 1
  • Failure:
    • deviceId Disk encryption check: name bitlocker, status 0

  • Author
  • New Member III
  • October 20, 2024

Perfect!!

Is nsdebuglog.txt the file?


  • Netskope Employee
  • October 22, 2024

@maxkor,

That is correct. The log entries should exist in the nsdebuglog.log file. If you have custom labels or some of the newer checks for OS versions and Anti-virus/EDR, then you may find that the logs vary a bit but will still be in that file.


  • Author
  • New Member III
  • October 27, 2024

OK, thank you.

I don't find these lines in the log.


  • New Member III
  • October 29, 2024

Same here - I am having a hard time troubleshooting device classification errors. Is there documentation for each OS on where exactly to look when a device is classified as unmanaged? I want to understand which check fails. At least for Macs, I cannot find any checks done in nsdebuglog.log.


  • Author
  • New Member III
  • November 6, 2024

Example from my log file:

nsUtils From Registry - Windows Edition: Windows 10 Enterprise BuildVersion:22631 >> that's the OS

2024/10/18 10:28:30.976 stAgentSvc p18a4 t393c info osUtils.cpp:892 nsUtil isAVRunning check

2024/10/18 10:28:30.996 stAgentSvc p18a4 t393c error osUtils.cpp:912 nsUtil Failed to initialuze productlist: 0x80070426

2024/10/18 10:28:30.998 stAgentSvc p18a4 t393c info osUtils.cpp:993 nsUtil AVRunning status: 0 >> 0 means failed and 1 means success.


  • New Member
  • January 3, 2025

Hopefully this helps!

If you cannot find the below snippet of text in the nsdebuglog.log, it is because there is a backend flag enabled which encrypts the device management logs so they are unreadable.

I had the same issue and it made troubleshooting extremely difficult for the helpdesk teams. I have raised a Netskope idea to get this information present in the Netskope admin portal.

  • Success:
    • deviceId Disk encryption check: name bitlocker, status 1
  • Failure
    • deviceId Disk encryption check: name bitlocker, status 0
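
A small parser for the two line shapes quoted in this thread, added here as an example; it is not Netskope tooling and not code from any poster. The function names are hypothetical, the sample log is constructed from the lines above, and real nsdebuglog.log entries may differ or be unreadable, as the last reply notes.

```python
import re

# Constructed sample: the AV lines are copied from the log excerpt in this thread,
# the bare "deviceId" lines use the format quoted in the accepted answer.
SAMPLE_LOG = """\
deviceId Disk encryption check: name bitlocker, status 0
2024/10/18 10:28:30.976 stAgentSvc p18a4 t393c info osUtils.cpp:892 nsUtil isAVRunning check
2024/10/18 10:28:30.996 stAgentSvc p18a4 t393c error osUtils.cpp:912 nsUtil Failed to initialuze productlist: 0x80070426
2024/10/18 10:28:30.998 stAgentSvc p18a4 t393c info osUtils.cpp:993 nsUtil AVRunning status: 0
deviceId Disk encryption check: name bitlocker, status 1
"""

TS_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) ")
CHECK_RE = re.compile(r"deviceId (?P<check>.+?) check: name (?P<name>[^,]+), status (?P<status>[01])")
AV_RE = re.compile(r"nsUtil AVRunning status: (?P<status>[01])")

def parse_checks(text):
    """Return one dict per check result found, in log order."""
    results, last_error = [], None
    for line in text.splitlines():
        if " error " in line:  # remember the error that precedes a failed status
            last_error = line.split("nsUtil", 1)[-1].strip()
            continue
        m = CHECK_RE.search(line)
        label = f"{m['check']} ({m['name']})" if m else None
        if not m:
            m = AV_RE.search(line)
            label = "AVRunning" if m else None
        if not m:
            continue
        ts = TS_RE.match(line)
        passed = m["status"] == "1"  # per the thread: 1 = success, 0 = failure
        results.append({"time": ts.group(1) if ts else None, "check": label,
                        "passed": passed, "error": None if passed else last_error})
        last_error = None
    return results

def failing_checks(text):
    """Latest result per check; return those still failing, or None if no check lines exist."""
    results = parse_checks(text)
    if not results:
        return None  # nothing readable: different format, or encrypted as the last reply describes
    latest = {r["check"]: r for r in results}  # later entries overwrite earlier ones
    return [r for r in latest.values() if not r["passed"]]

if __name__ == "__main__":
    for r in failing_checks(SAMPLE_LOG) or []:
        print(f"{r['time']}  FAILED {r['check']}  last error: {r['error']}")
```

In the sample, 0x80070426 is the HRESULT form of Win32 error 1062, ERROR_SERVICE_NOT_ACTIVE. A `None` result means no check lines were readable at all, which is distinct from an empty list (every check passing).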