cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
881
Views
0
Helpful
6
Replies

ISE PIC WMI Questions

csco11552159
Level 5
Level 5

Hi,

if we are using WMI to monitor all our DCs( over 100 in 2 forests), the account we used for WMI has to change the password every year .....

Is there a way to do a bulk edit to update the password? 

 

2nd question, we have local PSN cluster and DCs have site setup.

once we enable WMI, will local PSN only contact local DC site? How does traffic sharing between multiple PSN in different cluster?

1 Accepted Solution

Accepted Solutions

In your example, PSN1 would monitor AD1 and AD2 while PSN2 would act as a back up. If PSN1 went down for some reason, PSN2 would take over monitoring both controllers.

Regards,
-Tim

View solution in original post

6 Replies 6

howon
Cisco Employee
Cisco Employee

Currently no way to bulk change password for this operation. Please reach out to local Cisco sales team or use the ISE feedback tool (From GUI, click gear icon > About Identity Services Engine > Provide Feedback)

ISE will leverage native SRV records in the DNS response to find AD servers. If Windows Sites & Services is configured then each ISE node will find local AD server per Site & Services setup.

Hi,

do you know if i have PSN1 and PSN2 in same cluster, will both query same AD server? or PSN1 will query to AD1 and PSN2 query AD2? for remote Sites, how PSN query? 

still try to understand the traffic flow.

Please disregard my answer to the 2nd question. My answer was for normal ISE/AD integration not for PIC/WMI. Have reached out to ISE-PIC subject matter expert who can provide the answer.

In your example, PSN1 would monitor AD1 and AD2 while PSN2 would act as a back up. If PSN1 went down for some reason, PSN2 would take over monitoring both controllers.

Regards,
-Tim

i see. thank you.

Do you know if there is a session limitation? 

Like Agent method, in the document mentions that each agent can monitor 10 ADs. 

Is there a limitation for WMI to monitor ADs ? 

 

 

 

100 DCs

 

Use the ISE scaling guide as a reference:

 

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: