https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419200#M527498 <HTML><HEAD></HEAD><BODY><P>I am checking with our teams on your inquires. If possible, please share the TAC case number.</P></BODY></HTML> Tue, 22 Aug 2017 17:59:39 GMT hslai 2017-08-22T17:59:39Z https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419198#M527494 <HTML><HEAD></HEAD><BODY><P>I am seeking any help / advice from anyone who has implemented in a live corporate environment the use of a Member Server to provide PassiveID support for an ISE implementation.</P><P></P><P>Based on the design from BRKSEC-3697 from Aaron Woland's lecture, we have implemented a member server and are using a manually installed agent. (see attached .pdf)</P><P></P><P>Why?</P><P>Using this design since our Server Admins are concerned directly accessing or using an agent on any production DC's</P><P></P><P>Problems!</P><P>Unable to read logs which will not provide PassiveID information to ISE-Primary/Secondary devices</P><P>Logs are placed into a folder called Forwarded Events with the correct EventID (4769)</P><P></P><P>Questions:</P><P>1. can the member server be in the parent domain?</P><P>2. is there any way to point the required eventID if unable to use the Forwarded Events?</P><P></P><P>Thanks for any assistance</P><P>Dave Moore</P><P></P><P>(I have a TAC case open, but really need a solution soon as 3 projects are relying on this problem resolution)</P></BODY></HTML> Mon, 21 Aug 2017 18:24:35 GMT https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419198#M527494 dmooregfb 2017-08-21T18:24:35Z https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419199#M527496 <HTML><HEAD></HEAD><BODY><P>Attachment of the design</P></BODY></HTML> Mon, 21 Aug 2017 18:26:34 GMT https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419199#M527496 dmooregfb 2017-08-21T18:26:34Z https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419200#M527498 <HTML><HEAD></HEAD><BODY><P>I am checking with our teams on your inquires. If possible, please share the TAC case number.</P></BODY></HTML> Tue, 22 Aug 2017 17:59:39 GMT https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419200#M527498 hslai 2017-08-22T17:59:39Z https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419201#M527499 <HTML><HEAD></HEAD><BODY><P>Hslai, thanks for this:</P><P></P><P>SR 682790420 : PassiveID</P><P></P><P>Dave</P></BODY></HTML> Tue, 22 Aug 2017 18:21:55 GMT https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419201#M527499 dmooregfb 2017-08-22T18:21:55Z https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419202#M527500 <HTML><HEAD></HEAD><BODY><P>The TAC case has been associated with an active ISE ESC case and one of our ESC engineers have been assigned to it, so please continue the discussion with TAC and ISE ESC teams.</P><P></P><P>On 1, the collector can be in the parent domain to collect the windows events from a child domain.</P><P>On 2, you may change the subscription to update the destination log to Application or System. Also, we should monitor for both 4768 and 4770.</P><P><IMG alt="Screen Shot 2017-09-06 at 10.39.17 AM.png" class="image-1 jive-image" height="131" src="/legacyfs/online/fusion/111024_Screen Shot 2017-09-06 at 10.39.17 AM.png" style="height: 131.1455160744501px; width: 433px;" width="433" /></P></BODY></HTML> Wed, 06 Sep 2017 17:42:01 GMT https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419202#M527500 hslai 2017-09-06T17:42:01Z https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419203#M527501 <HTML><HEAD></HEAD><BODY><P>hslai, thanks for the information. Will keep the lines of communication open with TAC.</P></BODY></HTML> Wed, 06 Sep 2017 18:41:41 GMT https://community.cisco.com/t5/network-access-control/ise-active-directory-design-assistance/m-p/3419203#M527501 dmooregfb 2017-09-06T18:41:41Z