Solved: Re: Passive Identity Agent error

tkiel · ‎09-26-2022

ISE PIC Agent does not return any user/IP to ISE, keeps getting this error in CiscoISEPICAgent file:
022-09-26 01:10:29,053 ERROR - Rest Client, Error sending mapping {user=dummyMapping, ip=192.168.12.32} to https://S-CISCOISE02.domain.local:9095 : String was not recognized as a valid DateTime.

anyone got a hint?

Regards
Thomas

thomas · ‎10-01-2022

Call TAC to troubleshoot since you did not offer any details, logs, etc.

See How to Ask The Community for Help for more details to provide next time.

View solution in original post

barrykaauamo · ‎09-26-2022

@tkiel wrote:
ISE PIC Agent does not return any user/IP to ISE, keeps getting this error in CiscoISEPICAgent file:
022-09-26 01:10:29,053 ERROR - Rest Client, Error sending mapping {user=dummyMapping, ip=192.168.12.32} to https://S-CISCOISE02.domain.local:9095 : String was not recognized as a valid DateTime.
United Airlines Flying Together
anyone got a hint?
Regards
Thomas

Thankful for the little by little useful exercise. Has conclusively the ordinary impact.

thomas · ‎10-01-2022

Call TAC to troubleshoot since you did not offer any details, logs, etc.

See How to Ask The Community for Help for more details to provide next time.

tkiel · ‎10-02-2022

Hi Thomas

Which logs would you expect?
On the Domain Controller, the line is repeated constantly within the file: CiscoISEPICAgent.

Regards
Thomas

m.trautes · ‎11-24-2022

Hello Thomas,

do you have a solution for the problem. We have the same error on a ISE-PIC.

Regards

Michael

tkiel · ‎11-24-2022

Hi Michael

Unfortunately not yet, it is on my todo list
The documentation for troubleshooting ISE-PIC is very limited and this issue is not the connection to domain controller but more likely permissions on the domain controller.

Best luck
Thomas

AugustoS.Nunes · ‎01-26-2023

Hello Thomas,

I have the same issue here, and it's giving me this log on every user authentication, any updates so far?

Even TAC seems to be having an issue figuring this one out, at least on the case i opened.

stephane.merl · ‎03-15-2023

Hello AugustoS.Nunes,

Did you get any news from TAC ?
I currently facing the same issue.

CiscoISEPICAgent.log

2023-03-15 16:07:03,782 DEBUG - Continuing forward event : , Verified it is not a machine account... with username batman
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT ***** Reading Event *******
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT TimeGenerated in DC UTC = 03/15/2023 16:07:02
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT user = batman
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT domain = DCOMICS
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT ip = 192.168.10.212
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT latency = 1,0109357 seconds
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT agentTimeUTC , 03/15/2023 16:07:03
2023-03-15 16:07:03,782 DEBUG - Domain Controller 192.168.10.211, EVT Received Time:15/03/2023 16:07:02, Latency:1,0109357, Computer:ad01.dcomics.lan, User:batman, Domain:DCOMICS, IP:192.168.10.212
2023-03-15 16:07:03,782 DEBUG - Rest Client, Sending mapping to https://isepic.dcomics.lan:9095: user=batman, ip=192.168.10.212
2023-03-15 16:07:03,829 ERROR - Rest Client, Error sending mapping {user=batman, ip=192.168.10.212} to https://isepic.dcomics.lan:9095 : String was not recognized as a valid DateTime.

passiveid-agent.log
2023-03-15 16:07:03,787 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- REST request arrived from client with hostname: ad01.dcomics.lan, ip: 192.168.10.211
2023-03-15 16:07:03,787 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Looking for Agent in configuration, with ip 192.168.10.211 or hostname ad01.dcomics.lan.
2023-03-15 16:07:03,788 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Current Agent hostname/ip in config: ad01.dcomics.lan
2023-03-15 16:07:03,792 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Received login event. Identity Mapping.probe = Agent , dc-host = /192.168.10.211 , Identity Mapping.server = isepic , event-operation-type = ADD ,
2023-03-15 16:07:03,792 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Validating incoming loging event...
2023-03-15 16:07:03,792 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- AgentTime 1678896423 DCTime 1678896422 ISETime 1678896423
2023-03-15 16:07:03,792 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Building login event to be published to session directory.
2023-03-15 16:07:03,792 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- retrieving user's additional informaion from Active Directory.
2023-03-15 16:07:03,833 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- recording login event into local log.
2023-03-15 16:07:03,836 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Forwarded login event to session directory. Identity Mapping.id-src-first-port = -1 , Identity Mapping.dc-domainname = dcomics.lan , Identity Mapping.id-src-port-start = -1 , Identity Mapping.probe = Agent , Identity Mapping.id-src-port-end = -1 , Identity Mapping.event-user-name = batman , Identity Mapping.dc-host = /192.168.10.211 , Identity Mapping.agentId = , Identity Mapping.server = isepic , Identity Mapping.event-ip-address = 192.168.10.212 ,
2023-03-15 16:07:03,836 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Publishing identity mapping event. Identity Mapping.id-src-first-port = -1 , Identity Mapping.dc-domainname = dcomics.lan , Identity Mapping.id-src-port-start = -1 , Identity Mapping.probe = Agent , Identity Mapping.id-src-port-end = -1 , Identity Mapping.event-user-name = batman , Identity Mapping.dc-host = /192.168.10.211 , Identity Mapping.agentId = , Identity Mapping.server = isepic , event-operation-type = ADD , Identity Mapping.event-ip-address = 192.168.10.212 ,
2023-03-15 16:07:03,836 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Details 192.168.10.212
2023-03-15 16:07:03,836 DEBUG [Grizzly-worker(3)][[]] com.cisco.idc.agent-probe- Going to publish login event...

On ISE-PIC, live Sessions stays empty...

Thank you !

[Edit]Added passiveid-agent.log from ISE-PIC

ASN · ‎03-15-2023

Hello Stephane,

I am on my personal account right now, but yes!

The issue seems to be with the Endpoint Check on ISE-PIC and FMC 7.2 which started dealing with "Unreachable" endpoints sent by ISE, basically ISE check's if the endpoint is active with this feature enabled (by default) through WMI and if isn't able to get a response comes back as "Unreachable" and starting on FMC 7.2, it "discards" this users and don't add them to the Active Sessions database.

The only two ways to resolve this seams to be from disabling the Endpoint Check on ISE-PIC (Providers>Endpoint Check) or let ISE-PIC connect through WMI on the workstations. We disabled the endpoint check and everything in fine now!

Also in regards to this log on the ISE Agent, a patch has to by applied to fix this since seems to be a bug, haven't try it yet but it's on our roadmap to do!
2023-03-15 16:07:03,829 ERROR - Rest Client, Error sending mapping {user=batman, ip=192.168.10.212} to https://isepic.dcomics.lan:9095 : String was not recognized as a valid DateTime.
CSCwd45843 > https://software.cisco.com/download/home/283801620/type/283802505/release/HP-CSCwd45843
Confirmed by TAC that can by applied on ISE-PIC even if it's an ISE download.