Access Control Policy Blocking Sites targeting Active Directory Users

Herald Sison
Level 3

Hi Everyone,

I got into this roadblock while implementing blocking of specific websites like Facebook, YouTube and adult sites, and I want to block only a certain group of people by targeting their Active Directory user logins.

I have already created Realms and imported users and groups from AD, and it was running pretty smoothly; even my RAVPN is getting authentication from it and is running pretty well. I also created an Identity Policy, as the Access Control Policy requires it.

Now, I made a test block under the ACP for any users, any source and any destination with the specific URLs, and it worked well. But when I tried to add specific users under the USERS tab in my policy, all users could access the blocked URLs, which is not what I expected. I even added a single AD group or a single AD user, and they could still access those blocked URLs.

I am using FTD 7.0.1.1 and FMC 7.0.1.1 with an ASA5508-X.

 

Here is a look at my ACP.

ACP.jpg ACP2.jpg

21 Replies

You need to check the connection logs and see how the users are matched. I suspect they are showing up as Unknown.

--
Please remember to select a correct answer and rate helpful posts
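One way to do the check suggested above, as an added example that is not from this thread or from Cisco's tooling: a small Python script that reads a connection-event export and reports how many events carry a mapped Initiator User versus the "Unknown" / "Not Found" values this thread reports, and which blocked-category URLs were allowed to a flow that had no user mapping. The CSV column names are assumed (the real FMC export headers may differ) and the sample rows are constructed. The point it illustrates is that a user- or group-based access rule cannot match a flow whose Initiator User is unmapped, so for those hosts the rule silently fails open; the unmapped IPs are the hosts to investigate on the identity side.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample of a connection-event export. Column names are assumed
# (the real FMC export headers may differ); IPs, users and URLs are made up.
SAMPLE_EVENTS = """\
Initiator IP,Initiator User,Realm,URL,Action
10.10.20.15,jsmith,XYZ.LOCAL,https://www.facebook.com/,Block
10.10.20.16,Unknown,,https://www.youtube.com/,Allow
10.10.20.17,Not Found,XYZ.LOCAL,https://www.facebook.com/,Allow
10.10.20.18,mjones,XYZ.LOCAL,https://www.youtube.com/,Block
10.10.20.19,mjones,XYZ.LOCAL,https://www.cisco.com/,Allow
"""

# Initiator User values that mean the sensor had no user-to-IP mapping for
# the flow. "Unknown" and "Not Found" are the values the thread reports;
# treating an empty field the same way is an assumption.
UNMAPPED_USERS = {"Unknown", "Not Found", ""}

# URLs the access rule is meant to block (constructed for the example; the
# thread mentions Facebook and YouTube).
BLOCKED_URL_RE = re.compile(r"https?://(www\.)?(facebook|youtube)\.com/", re.I)


def parse_events(text):
    """Parse a CSV export into a list of dicts, one per connection event."""
    return list(csv.DictReader(io.StringIO(text)))


def is_unmapped(event):
    """True when the event carries no usable user identity."""
    return event.get("Initiator User", "").strip() in UNMAPPED_USERS


def identity_summary(events):
    """Count events per mapped user and collect IPs that had no mapping."""
    per_user = Counter()
    unmapped_ips = set()
    for ev in events:
        if is_unmapped(ev):
            unmapped_ips.add(ev["Initiator IP"])
        else:
            per_user[ev["Initiator User"].strip()] += 1
    total = len(events)
    mapped = sum(per_user.values())
    unmapped = total - mapped
    return {
        "total": total,
        "mapped": mapped,
        "unmapped": unmapped,
        "unmapped_pct": round(100.0 * unmapped / total, 1) if total else 0.0,
        "per_user": dict(per_user),
        "unmapped_ips": sorted(unmapped_ips),
    }


def allowed_without_identity(events):
    """Blocked-category URLs that were allowed because the flow had no user.

    A user- or group-based access rule cannot match a flow whose Initiator
    User is unmapped, so these are the events where the rule failed open.
    """
    return [
        (ev["Initiator IP"], ev["URL"])
        for ev in events
        if is_unmapped(ev)
        and ev.get("Action", "").strip().lower() == "allow"
        and BLOCKED_URL_RE.search(ev.get("URL", ""))
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    summary = identity_summary(evs)
    print(f"{summary['unmapped']}/{summary['total']} events "
          f"({summary['unmapped_pct']}%) had no user mapping")
    for ip, url in allowed_without_identity(evs):
        print(f"  {ip} reached {url} without an identity")
    print("hosts to check for identity mapping:", summary["unmapped_ips"])
```

Run it against a real export after swapping the column names for the ones in your file; a high unmapped percentage points at the realm sync, the passive-identity source or the identity policy rather than at the access rule itself.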

Hi Sir, I think you are right, it says unknown. How do I fix this issue, sir?

Screenshot 2022-05-26 100904.jpg

You might want to try downloading the User Database manually. Go to System > Integration > Realms, edit the realm, go to User Download and then click Download Now. This should be configured to download automatically on a schedule, but it might be worth a try.

Also, you could have a look at the following link, where the blogger has experienced a similar issue.

https://finkotek.com/firepower-management-center-initiator-user-is-unknown/
--
Please remember to select a correct answer and rate helpful posts

Thanks, sir, but in my case I am using FMC 7.0.1.1 and I cannot find any download button.

2.jpg

And I read the blog, and he mentioned an AD agent? I have not installed or configured any AD agent. Where can I get that one? Is that software that needs to be installed on the AD, just like the SonicWall SSO Agent?

Also, I found some blogs saying that when using an AD User Agent you need to set it up from System > Integration > Identity Sources > User Agent (button), but in my FMC there is no button for User Agent.

 

See below:

1.jpg

 

Herald Sison
Level 3

Anyone? Is there a solution for this?

What is the domain that the "Unknown" user is associated with? Is it mydomain.local or domain1.mydomain.local?

Did you re-sync the user database? You can do this by clicking on Load Groups under the Groups and User Sync tab you posted the screenshot of earlier.

 

--
Please remember to select a correct answer and rate helpful posts

Hi Sir,

The primary Active Directory server is TT-ADDS01.XYZ.local and the domain is XYZ.LOCAL.

I have synced the users a lot of times already.

1.jpg 2.jpg

Hi Sir,

Update: I have installed and configured ISE-PIC virtual and integrated it with AD and FMC, but the URL blocking is still not working for Active Directory users.

Please help!

I am assuming the users you are trying to block with this rule are in one of the two user groups you have defined in the rule?

--
Please remember to select a correct answer and rate helpful posts

Yes, it's part of one of the groups. I even tried to test blocking one user, but blocking is still not working.

One more thing: I bumped into this bug just today. Does this bug prevent the blocking from working correctly?

Screenshot 2022-06-13 101758.jpg

Are you able to try specifying a specific user instead of the group? Does the rule work then?

The error is very generic, but it doesn't necessarily mean that it is a bug.

--
Please remember to select a correct answer and rate helpful posts

I tried adding a single user, but the URL blocking still does not work. I even tried adding multiple individual users, but it still does not work. The only option that works for me is to block per IP address, but in our current office setup this is not a doable option, since most of the people from production constantly change cubicle positions and use different computers daily.

And one more thing: by looking at the connection events, I see a lot of "Not Found" for Initiator User.

Screenshot 2022-06-14 162553.jpg

I suspect the issue is that you are using passive authentication, and the FTD is having issues authenticating the user with this method. If you use active authentication with captive portal, are you able to match the access rule?

Refer to this link if you want to continue to use passive authentication:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/control_users_with_ts_agent.html

 

--
Please remember to select a correct answer and rate helpful posts

Does that mean the ISE-PIC is not useful anymore? I have tried enabling active authentication in my identity policy, but some mobile devices get a "no internet" notification from their network adapter; they can still connect to the internet, and if a blocked site is hit it redirects to the firewall's inside interface HTTPS page.
