Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1024
Views
1
Helpful
1
Replies

Integration of ISE-PIC with AD, access denied

Go to solution
Bledian
Level 1
Level 1

‎03-17-2023 06:49 AM

Hello community,

 

I'm trying to integrate ISE-PIC with AD using  WMI, user is domain admin so it has already all the permissions.

Error: access denied please check credentials, permissions and configure the permissions windows machine for wmi access.

 

Is there any extra config I need to do in active directory?

 

Best regards, 

BR

 

 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rodrigo Diaz
Cisco Employee
Cisco Employee

‎03-17-2023 07:01 AM

hello @Bledian  it's very likely that the integration is not working due to the following bug CSCvz97194, this is also been documented on the Microsoft side due to the DCOM hardening that took place few days ago https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c  , one thing that you can attempt is to configure another provider such as MS-RPC more info in this link https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216512-configure-evt-based-identity-services-en.html . 

Kindly rate and let me know if that helped you . 

View solution in original post

1 Reply 1

Go to solution
Rodrigo Diaz
Cisco Employee
Cisco Employee

‎03-17-2023 07:01 AM

hello @Bledian  it's very likely that the integration is not working due to the following bug CSCvz97194, this is also been documented on the Microsoft side due to the DCOM hardening that took place few days ago https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c  , one thing that you can attempt is to configure another provider such as MS-RPC more info in this link https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216512-configure-evt-based-identity-services-en.html . 

Kindly rate and let me know if that helped you . 

Customers Also Viewed These Support Documents