https://community.cisco.com/t5/network-access-control/ise-passive-identity/m-p/4780616#M580017 <P>Trying to get this setup and it appears to be successful when I setup the DC's and configure them.&nbsp; This is for FMC in the background to identify users/devices.&nbsp; However, in the dashboard the provider always shows down.&nbsp; After a lot of research it appears due to a number of Microsoft changes the DC's no longer allow this WMI connectivity.&nbsp; I found a number of posts regarding un-installing a patch or putting in a reg key to fix it but it appears that was sunset as well in early/mid 2022.&nbsp; I attempted to deploy the agents as well and those appear to have been successful but it still doesn't appear to work.&nbsp;&nbsp;</P> <P>Whole goal here is to let FMC/FTD be able to identify users from AD.&nbsp; Works just fine if the user actually authenticated to ISE (dot1x, etc) but if the user is just an AD user logging into a machine and that machine simply logs into the domain and never authenticates to ISE, the mapping in ISE never happens and thus FMC/FTD never learns anything about the device.<BR /><BR />Is there anyway to get this working now?&nbsp; I've used the downloadable user agent in the past but according to documentation its being EOL'd too.&nbsp;&nbsp;</P> Wed, 22 Feb 2023 14:43:40 GMT stamperbrian 2023-02-22T14:43:40Z https://community.cisco.com/t5/network-access-control/ise-passive-identity/m-p/4780616#M580017 <P>Trying to get this setup and it appears to be successful when I setup the DC's and configure them.&nbsp; This is for FMC in the background to identify users/devices.&nbsp; However, in the dashboard the provider always shows down.&nbsp; After a lot of research it appears due to a number of Microsoft changes the DC's no longer allow this WMI connectivity.&nbsp; I found a number of posts regarding un-installing a patch or putting in a reg key to fix it but it appears that was sunset as well in early/mid 2022.&nbsp; I attempted to deploy the agents as well and those appear to have been successful but it still doesn't appear to work.&nbsp;&nbsp;</P> <P>Whole goal here is to let FMC/FTD be able to identify users from AD.&nbsp; Works just fine if the user actually authenticated to ISE (dot1x, etc) but if the user is just an AD user logging into a machine and that machine simply logs into the domain and never authenticates to ISE, the mapping in ISE never happens and thus FMC/FTD never learns anything about the device.<BR /><BR />Is there anyway to get this working now?&nbsp; I've used the downloadable user agent in the past but according to documentation its being EOL'd too.&nbsp;&nbsp;</P> Wed, 22 Feb 2023 14:43:40 GMT https://community.cisco.com/t5/network-access-control/ise-passive-identity/m-p/4780616#M580017 stamperbrian 2023-02-22T14:43:40Z https://community.cisco.com/t5/network-access-control/ise-passive-identity/m-p/4780661#M580020 <P>Don't use the WMI-based Passive ID Agent, use the newer EVT-based agent.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216512-configure-evt-based-identity-services-en.html" target="_self">Configure EVT-Based Identity Services Engine Passive ID Agent</A>&nbsp;</P> Wed, 22 Feb 2023 15:40:53 GMT https://community.cisco.com/t5/network-access-control/ise-passive-identity/m-p/4780661#M580020 Charlie Moreton 2023-02-22T15:40:53Z https://community.cisco.com/t5/network-access-control/ise-passive-identity/m-p/4780743#M580026 <P>This was it.&nbsp; I had already deployed the agents but hadn't added the DCs using the agents!&nbsp; Story of my life.&nbsp; One step short of my goal <span class="lia-unicode-emoji" title=":face_with_tongue:">😛</span>&nbsp; Thank you so much!</P> Wed, 22 Feb 2023 16:50:12 GMT https://community.cisco.com/t5/network-access-control/ise-passive-identity/m-p/4780743#M580026 stamperbrian 2023-02-22T16:50:12Z