https://community.cisco.com/t5/network-access-control/integration-of-ise-pic-with-ad-access-denied/m-p/4796589#M580595 <P>Hello community,</P> <P>&nbsp;</P> <P>I'm trying to integrate ISE-PIC with AD using&nbsp; WMI, user is domain admin so it has already all the permissions.</P> <P>Error: access denied<EM> please check credentials, permissions and configure the permissions windows machine for wmi access.</EM></P> <P>&nbsp;</P> <P>Is there any extra config I need to do in active directory?</P> <P>&nbsp;</P> <P>Best regards,&nbsp;</P> <P>BR</P> <P><EM>&nbsp;</EM></P> <P><EM>&nbsp;</EM></P> Fri, 17 Mar 2023 13:49:58 GMT Bledian 2023-03-17T13:49:58Z https://community.cisco.com/t5/network-access-control/integration-of-ise-pic-with-ad-access-denied/m-p/4796589#M580595 <P>Hello community,</P> <P>&nbsp;</P> <P>I'm trying to integrate ISE-PIC with AD using&nbsp; WMI, user is domain admin so it has already all the permissions.</P> <P>Error: access denied<EM> please check credentials, permissions and configure the permissions windows machine for wmi access.</EM></P> <P>&nbsp;</P> <P>Is there any extra config I need to do in active directory?</P> <P>&nbsp;</P> <P>Best regards,&nbsp;</P> <P>BR</P> <P><EM>&nbsp;</EM></P> <P><EM>&nbsp;</EM></P> Fri, 17 Mar 2023 13:49:58 GMT https://community.cisco.com/t5/network-access-control/integration-of-ise-pic-with-ad-access-denied/m-p/4796589#M580595 Bledian 2023-03-17T13:49:58Z https://community.cisco.com/t5/network-access-control/integration-of-ise-pic-with-ad-access-denied/m-p/4796597#M580597 <P>hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1286620">@Bledian</a>&nbsp; it's very likely that the integration is not working due to the following bug&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz97194" target="_blank">CSCvz97194</A>, this is also been documented on the Microsoft side due to the DCOM hardening that took place few days ago&nbsp;<A href="https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c" target="_blank">https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c</A>&nbsp; , one thing that you can attempt is to configure another provider such as MS-RPC more info in this link&nbsp;<A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216512-configure-evt-based-identity-services-en.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216512-configure-evt-based-identity-services-en.html</A>&nbsp;.&nbsp;</P> <P>Kindly rate and let me know if that helped you .&nbsp;</P> Fri, 17 Mar 2023 14:01:23 GMT https://community.cisco.com/t5/network-access-control/integration-of-ise-pic-with-ad-access-denied/m-p/4796597#M580597 Rodrigo Diaz 2023-03-17T14:01:23Z