06-12-2012 03:42 AM - edited 03-10-2019 07:11 PM
Hello.
I'm trying to connect Cisco CDA with Windows 2008 R2 Domain Controller but I get this error:
Log attributes
wmi-property |
|
06-12-2012 06:24 AM
I get the same error; in AD Agent this collection works fine (same user).
06-12-2012 06:31 AM
Yes indeed.
The AD Agent from both DCs works fine for me also... I think because they are made for the Microsoft environment.
With CDA it's another problem, because I suppose it is a Linux kernel.
06-12-2012 08:37 AM
Hi guys,
On Windows 2008 R2 only, the Cisco CDA requires the user to have an additional permission on the following registry key:
- HKLM\Software\Classes\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
- HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6} (only if this key exists)
This permission is not given to members of the Domain Admins by default, and must be added explicitly.
You can refer to the user guide for more information:
http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_wrkng.html#wp1054050
I hope this helps resolve your issue,
Erez
06-13-2012 11:06 PM
Hi Shabat,
Sorry for my late answer.
I tried to modify the registry keys as you said, but I'm getting the error "Unable to save permission changes on {76A64158-CB41-11D1-8B02-00600806D9B6}. Access is denied."
I forgot to mention that our DCs have Win 2008 R2 x64 SP1.
Regarding the privileges, the admin account has full access, but the permissions cannot be changed.
I don't know how to solve it.
Thanks in advance.
Regards,
Simon
06-14-2012 12:11 AM
Hi Simon,
You will need a Domain Admin account to add the permission.
If you are indeed using a Domain Admin account, and still get the "Access is denied" message, you will need to take ownership of the registry key(s). You can do this by clicking the Advanced button in the Permissions tab - this will open a new window, in that window go to the "Owner" tab, and change the owner to the Domain Administrators group, or your current administrator account.
After taking ownership, you should be able to change the permissions successfully (without getting an "Access is denied" message).
Please let me know how it goes.
Thanks,
Erez
06-14-2012 12:22 AM
Hi Erez,
Thanks for the reply.
So...
1. My user is the domain admin.
2. The owner of the registry key is already my domain admin.
But it's still not working.
06-14-2012 04:21 AM
Hi Simon,
Can you please double-check the owner of the following key(s) explicitly? (i.e. right-click the key, click Permissions and then Advanced)
HKLM\Software\Classes\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6} (only if this key exists)
By default the owner is "TrustedInstaller", and should be changed to Domain Admins.
If you are still getting an "Access is denied" message, please feel free to contact me and I'll guide you through it.
Thanks,
Erez
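A read-only check of the state discussed in the posts above (the owner and the access entries on the two keys), added here as an example; it is not part of the thread or of Cisco's documentation. The account name `EXAMPLE\cda-user` is a placeholder for whichever account CDA connects with.

```powershell
# Added example: report owner and ACL of the registry keys named in the thread.
# Nothing is modified. Run in an elevated PowerShell session on the domain controller.
param(
    # Placeholder account name (assumption); replace with the account CDA uses.
    [string]$Account = 'EXAMPLE\cda-user'
)

$clsid = '{76A64158-CB41-11D1-8B02-00600806D9B6}'
$keys  = @(
    "Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\$clsid"
)

foreach ($key in $keys) {
    # The Wow6432Node key only matters if it exists.
    if (-not (Test-Path -Path $key)) {
        Write-Output "SKIP   $key (key does not exist)"
        continue
    }

    $acl = Get-Acl -Path $key
    Write-Output "KEY    $key"
    Write-Output "OWNER  $($acl.Owner)"

    # The thread notes that the default owner is TrustedInstaller and that
    # permission changes fail with "Access is denied" until ownership changes.
    if ($acl.Owner -like '*TrustedInstaller') {
        Write-Output "NOTE   owner is still TrustedInstaller"
    }

    # List every access entry; mark the ones that name the CDA account directly.
    # Rights inherited through group membership appear under the group's name.
    foreach ($rule in $acl.Access) {
        $mark = if ($rule.IdentityReference.Value -eq $Account) { '*' } else { ' ' }
        Write-Output ("ACE  {0} {1,-40} {2,-8} {3} (inherited: {4})" -f `
            $mark, $rule.IdentityReference, $rule.AccessControlType,
            $rule.RegistryRights, $rule.IsInherited)
    }
    Write-Output ''
}
```

Running it before and after the change records what was altered on each key, which is useful when the same adjustment has to be repeated on several domain controllers.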
06-14-2012 04:48 AM
Hi Erez,
It finally works. Thanks a lot.
But... I still have a question.
At the moment our DCs provide user identity information to the main Cisco ASA and IronPort WSA S170 through Cisco AD Agent.
What must I do so that the ASA and WSA communicate with Cisco CDA instead of Cisco AD Agent to receive the updates?
Thanks again.
Regards,
Simon.
06-14-2012 05:22 AM
Hi Erez,
I also solved the problem with the connection between AD and the ASA and WSA.
Thanks again for the help.
Regards,
Simon
07-20-2012 12:25 AM
I have questions about the additional permissions you mentioned before. Our cda user is defined as domain admin and we changed the owner of the keys from TrustedInstaller to "Domain Admins".
What additional permissions are needed to get it working? We still have the problem that we get the "Access is denied". The same user used with the AD Agent works fine.
Thanks in advance for helping.
Walter
Sent from Cisco Technical Support iPad App
07-20-2012 12:35 AM
Hi Walter,
All I did was follow, step by step, what Erez told me to do. And it's working fine.
Only one thing... I didn't create a CDA admin added to Domain Admins; I'm using only the Domain administrator to let CDA connect to the DCs.
Did you also do what Erez told me about in the message on Jun 14, 2012 1:21 PM (in response to Simon Ludovic)?
*** By default the owner is "TrustedInstaller", and should be changed to Domain Admins. *** cf. Erez... both registry keys must be changed.
Thanks.
07-20-2012 01:06 AM
Hi Simon,
We did change both registry entries.
The problem we have is that we don't know what additional permissions are needed. Can you provide an example or, even better, a screenshot of your permission settings? Thanks!
Walter
07-20-2012 01:13 AM
Hi Walter,
Give me a few minutes and I will provide some screenshots.
Thanks.
07-20-2012 01:21 AM