Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Context Directory Agent server 2012R2


Win server 2012R2 is not offically on the supported list for Contex Directory Agent ( CDA  ) , anyone tested this setup ?

I have been following the Installation guide for 2012 : but I the server stays red in the CDA gui. No error messages in the log though. 

CDA is patch1 and CDA user is within the Domain Admin group and necessary priv changes according to the installation document is in place ( registry key ownership etc,) , firewall on the server has been temporarily disabled.

Just wanted to see if there is anyone who got the combination CDA/2012R2 running and/or when there will be an official patch to CDA to add 2012R2 support.

Cisco Employee

I guess, you should ask this query either in firewall or web security appliance community

I was looking around and as per installation guide. The Cisco CDA 1.0 supports the following Active Directory versions:

• Windows Server 2003

• Windows Server 2003 R2

• Windows Server 2008

• Windows Server 2008 R2

Jatin Katyal

**Do rate helpful posts**


CDA 1.0 patch 1 adds support for server 2012 (  2012R2 is not supported officially it seems like ).


Maybe someone knows ETA or any news regarding CDA in combination with 2012 R2 domain controllers?


I verified I also have the same problem connecting to 2012R2 after upgrading CDA to Patch 1 from a non-patch CDA connecting to a retired 2008R2 box.  The Status icon under Active Directory Servers is red.

I verified the netsh commands, DCOM settings, WMI settings were all reconfigured on the new 2012R2 DC without any progress.


Patch 2 was released during February , anyone tested against 2012 R2 ? Can't find anything specific in the release notes..


Thanks for the notification on the new release. After installing Patch 2 this morning, the connection to my 2012R2 DC did not turn green from the previous red. I tried removing the connection and re-adding without any luck either. Another thing I tried was the NTLMv2 setting even though I have GPO “Network security: LAN Manager authentication level” set to “Send LM & NTLM - use NTLMv2 session security if negotiated.”

I can't get it to work, and you’re right that 2012 R2 isn’t specifically supported with this release based on the release guide missing specific mention of it and the fact that it doesn't show up under the "What's new in Cisco CDA" section as 2012 does for Patch 1.  I'm disapointed in the slowess to support this OS.  Waiting for the next patch...


I agree Jeremy. I am also very surprised to see that there is no support for CDA to work with Server 2012 R2.


Same issue here.. I have opened a case with TAC, and they stated that it's in development, but it's known not to work. There is a "work around", but I'm still debating if it something I want to do. You basically need to configure event log forwarding for event ID 4768 (Kerberos authentication), to another DC that is running one of the supported versions of Windows server. I'm going to test it if I can find better documentation on the web somewhere.


Also opened case with TAC, had asked for ETA for fix or some documentation for the log forwarding work-around.  TAC couldn't provide either.

Keith, did you have any luck with the log forwarding work-around?





I decided that it was not in the best interest of my company. Mostly because I would be adding another dependancy with having to forward the logs to another server, and then adding that server to the CDA. For now I just installed a 2012 (non R2) domain controller. I'm really torn, because I would have loved to have used the latest group policy that R2 had to offer. I was given a time frame of about a year for a fix, which is really unreasonable, but there's not a thing I can do about it.



Appreciate the response.  We're stuck between a rock and a hard place.... just implementing CX with CDA, however also in the process of upgrading all DCs to 2012 R2 which will be completed in a few weeks.  Had really wanted to use passive auth feature, so will be testing log forwarding concept.

Thanks - Paul



Did you ever get the event log forwarding to work with the CDA?  I was attempting to go this route also, however i cant get the CDA to see the forwarded events.  

For testing, I have a domain with two 2012 R2 DC's and one 2012 DC.  My server 2012 DC is also the collector for the event logs from the other two 2012 R2 servers.  The forwarded events are showing up in the collector, however they are not showing up as user-IP mappings on the CDA.  The only devices that show up in the User-IP mappings on the CDA are the devices that authenticated to the 2012 DC.




No we didn't have any luck with the log forwarding, opted to use active auth with NTLM for now.  Waiting on Cisco for the fix.


So , the new patch is out since some weeks back - anyone tried it with 2012R2 yet ?


Content for Community-Ad