09-23-2019 11:52 AM
I am sure this is documented somewhere, but I can't find it. Does passive ID support RO DCs? When I bring up the DC list in ISE I don't see any of my customer's RO DCs. The SourceFire user agent support RO DC monitoring and we are trying to replace that agent with ISE passive ID.
Solved! Go to Solution.
11-05-2020 05:32 PM
There are no updates to that enhancement request, so this enhancement does not appear to be implemented in any current versions of ISE. The workarounds mentioned earlier in the thread are still available.
ISE 3.0, however, does support Passive ID using MS-Eventing API or Microsoft Remote Procedure Call (MSRPC) protocol as per the Release Notes. You might test if that works with your RODCs instead.
09-25-2019 11:11 PM
CSCvr32010 is a known issue on this area.
09-26-2019 04:52 AM
09-29-2019 09:20 AM
The bug has been marked customer-visible since Sept-19 so not sure why you are unable to see it.
It's an enhancement request to add Passive ID support for RODCs and the current workaround is using Windows Event Forwarding (WEF) or a syslog forwarder.
11-05-2020 07:04 AM
Any update for this issue pls
11-05-2020 05:32 PM
There are no updates to that enhancement request, so this enhancement does not appear to be implemented in any current versions of ISE. The workarounds mentioned earlier in the thread are still available.
ISE 3.0, however, does support Passive ID using MS-Eventing API or Microsoft Remote Procedure Call (MSRPC) protocol as per the Release Notes. You might test if that works with your RODCs instead.
07-10-2023 07:18 AM
Hello, I am having the same issue, I have configured RODC to send security events to DCs, but MSRPC agent is not reading those users? Do you know why?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide