Re: Cisco Context Directory Agent - Error Querying for WMI prope - Page 2

Simon Ludovic · ‎06-12-2012

Hello.

I'm trying to connect Cisco CDA with Windows 2008 R2 Domain Controller but I get this error:

Log attributes

wmi-property

exception-stack

org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.java:310)

org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:510)

org.jinterop.dcom.core.JIComServer.(JIComServer.java:414)

com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:39)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:83)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:599)

dc-hostname

HOSTANEM/192.168.X.X

dc-name

HOSTNAME

exception-cause

org.jinterop.dcom.common.JIRuntimeException: Access is denied, please check whether the [domain-username-password] are correct. Also, if not already done please check the GETTING STARTED and FAQ sections in readme.htm. They provide information on how to correctly configure the Windows machine for DCOM access, so as to avoid such exceptions. [0x00000005]

wmi-class

Win32_NTDomain

exception-message

Access is denied, please check whether the [domain-username-password] are correct. Also, if not already done please check the GETTING STARTED and FAQ sections in readme.htm. They provide information on how to correctly configure the Windows machine for DCOM access, so as to avoid such exceptions. [0x00000005]

wmi-property

DomainName

dc-username

administrator

WALTER GROSSENBACHER · ‎07-20-2012

Hi Simon,

Thanks for the printscreen.

We already checked the firewalls. Everything ok.

The permissions and everything configured the same way but it doesn't work.

I doublecheck all the configurations again and check the logs to find out why it's not working.

Thanks again.

P.S. You have to check your printscreen. Maybe you wonna hide more informations....

Cheers

Walter

Sent from Cisco Technical Support iPad App

Simon Ludovic · ‎07-20-2012

By the way...

Firewall is permitting request from CDA to DC's?

It came in my mind the question.

It happens to me sometimes that I forgot to allow the traffic.

Simon Ludovic · ‎07-20-2012

Hy Walter,

I attached also a printscreen with config of DC's in Cisco CDA.

Maybe helps.

Schönes wochenende

Regards,

Simon

WALTER GROSSENBACHER · ‎07-20-2012

Hi Simon!

I took a look to your "cda config.jpg" and have to ask you if the Administrator you used is defined in the CDA config as Admin as well?

Have a nice weekend as well

Walter

Sent from Cisco Technical Support iPad App

Simon Ludovic · ‎07-22-2012

Hy Walter,

Yes indeed.

The domain administrator is used also in CDA.

Have a nice week.

WALTER GROSSENBACHER · ‎07-24-2012

We defined the domain administrator as admin in the CDA as well. Still doesn't work. We can't find out what's the problem. I think we still have to use the ADagent to communicate with the domain controllers. What a pitty! o(

Thanks for your help!

Cheers

Walter

Sent from Cisco Technical Support iPad App

Luis Franks J Roman Quispe · ‎08-29-2014

Hi there,

I submitted the problem is occurring at startup. I've done the appropriate steps but I'm still trouble hooking my CDA with AD.

tressmeister · ‎06-21-2012

Hi,

I had the same problem since I did not want to use a Domain Admin account.

I migrated from the original IDFW agent, original permissions were OK but it seems some permissions were still missing.

Here's what did the trick for me:

Start - Run - dcomcnfg

Then go to:

Component Services - Computers - My Computer - DCOM Config - {76A64158-CB41-11D1-8B02-00600806D9B6}

left-click Properties - Security tab - Edit ("Launch and Activation Permissions" and "Access Permissions") - add the permissions for the user (I added full permissions).

I'm using Windows Server 2008 R2.

Regards,

Claude

Print Screen attached.

CSCO11496083 · ‎07-09-2012

Hi,

I applied the solutions mentioned above, but now i get the below error. Domain still shows as down.

wmi-property	exception-stack	org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:158)
		org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
		org.jinterop.dcom.core.JISession.releaseRef(JISession.java:805)
		org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:777)
		com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:40)
		com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:83)
		com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
		com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
		com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:599)
	dc-hostname	/

	dc-name
	exception-cause	java.net.ConnectException: Connection timed out

	wmi-class	Win32_NTDomain
	exception-message	An internal error occurred. [0x8001FFFF]

	wmi-property	DomainName
	dc-username

Any Idea on the error?

Thanks.

kapitalsugurta · ‎01-20-2014

Thank you all!

On my Domain Controller 2012 its resolved connectivity issues with CDA, but it seems and I'm not sure by 100%, after that changes my Network Printer stops scan documents into all SMB shares that works perfect before.

Update:

After that changes stops working AD authorization for:

Network printers
Internal RAS-VPN servers (The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.)
Authorizations from applications for our developers

Before the changes all works just fine. It seems the changes destroy some authorization mechanism in Active Directory.

How to revert it back?! It's a disaster!

Trying to change owner back and TrustedInstaller user/object not found!

Any thoughts?

sarathd24 · ‎08-24-2017

Hi,

Nice to know that you resolved the issue for the windows 2012 server. Could you please tell me how you resolved it, if you remember ?. When we try to apply the changes, we are getting an access denied error message. For that partiuclar key only the trusted installes has full right and so we tried to change the owner ship, but we are not able to do that as well.

It would be really nice if could help.

Lyle Erding · ‎08-04-2020

I realize this is an old thread, but I was having the same problem getting the CDA to log into my AD. I am using a user with Domain Admin privileges and had rechecked the registry key permissions multiple times with no luck, and wasn't finding a lot of other information. I finally searched on the exception-clause portion of the error and it pointed me at something totally unrelated to CDA but mentioned that SMBv1 being disabled was the cause of their problem. I checked the server I was testing against and it did have SMBv1 installed but not enabled. https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3 is the link to troubleshoot SMB versions. Once I enabled SMBv1 I was able to connect to the DC and start populating my User to IP database.

Cisco Context Directory Agent - Error Querying for WMI property