08-17-2017 01:26 PM
Greetings,
We are trying to set up Passive ID and it worked fine in a test AD/env. Now, trying to set it up in production, we see a 403 forbidden being sent from ISE to the agent.
Now, our domain admins will not give us accounts, so they installed the agent.
When we register the agent, it has a username/password required still. Is this needed, or can it be any account? I can't find much on documentation on getting the agent to register correctly. Since the capture is encrypted, I'm unsure what if any username is being sent by the agent.
Thanks,
Solved! Go to Solution.
08-18-2017 01:48 PM
Please engage Cisco TAC on this, if not already done, as TAC may help gathering more debug logs and recreate.
The credentials for the DC are entered for each DC at the DC configuration pages.
08-18-2017 05:09 AM
Yes, the username and password are required. The credentials you supply in ISE should match the credentials used when installing the agent on the DC. Here's the section on the Passive ID Agent Settings from the Admin Guide:
Cisco Identity Services Engine Administrator Guide, Release 2.2
08-18-2017 12:32 PM
From the linked manual
select the agent you created from the dropdown list, enter the user name and password credentials if you created any for the agent, and click Save. The agent is enabled for the domain controller and the dialog box closes.
This sounds like the username/password is unneeded if one is not set up on the agent, but is a required field in ISE.
ISE is not failing adding the agent, but the agent is logging a 403 forbidden error when trying to communicate with ISE.
08-18-2017 12:38 PM
Have you entered the same credentials on both sides?
08-18-2017 01:02 PM
I asked the domain admin and he said there was no prompt for any credentials, just run the installer and it installed.
Where/how would I see what credentials the agent has?
08-18-2017 01:48 PM
Please engage Cisco TAC on this, if not already done, as TAC may help gathering more debug logs and recreate.
The credentials for the DC are entered for each DC at the DC configuration pages.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide