Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5376
Views
0
Helpful
4
Replies

Active directory Realm error in FMC log.

Go to solution
scruse
Level 1
Level 1

‎08-02-2018 03:23 PM - edited ‎02-21-2020 08:03 AM

I'm getting the following errors in the FMC syslog.  I'm not sure this is causing any issue as we are currently in the progress of standing up our firepower implementation and don't have any access policy using any user criteria yet.  I just want to know if this is normal or will this cause problem when we try to use policies based on users?  FMC version is 6.2.3.3-76.

 

Aug 02 2018 18:09:20 FMC SF-IMS[4764]: [2640] ADI:adi.AdRealm [WARN] normalizeUsername: failed to normalize from userPrincipalName: user@domain for username user@domain


Aug 02 2018 18:09:20 FMC SF-IMS[4764]: [2640] ADI:adi.LdapRealm [ERROR] Unable to retrieve DN for userPrincipalName with value user@domain

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ashork
Level 1
Level 1
In response to scruse

‎08-03-2018 11:24 AM

as long as you see the users in ACL's it won't cause any problem. you are just integrating with AD and applying rules based on users. just to be safe create a test acl and apply a identity policy and verify whether your rules are working or not.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ashork
Level 1
Level 1

‎08-03-2018 10:48 AM

-> LdapRealm [ERROR] Unable to retrieve DN for userPrincipalName with value user@domain

 

make sure you config Realm correctly(Test and verify) if you have multiple AD servers add these to the realm. download the groups that you need. if you still get the same error, remove the realm and add it again.

0 Helpful

Go to solution
scruse
Level 1
Level 1
In response to Ashork

‎08-03-2018 11:18 AM

Thanks for the quick reply @Ashork.  I verified all AD DC's were configured and tested in the realm and tested the join credentials, but was still getting the errors.  I removed and re-created the realm testing everything along the way and downloaded the groups just fine.  Even after recreating the realm I'm still getting the same errors in the log.  

0 Helpful

Go to solution
Ashork
Level 1
Level 1
In response to scruse

‎08-03-2018 11:24 AM

as long as you see the users in ACL's it won't cause any problem. you are just integrating with AD and applying rules based on users. just to be safe create a test acl and apply a identity policy and verify whether your rules are working or not.

0 Helpful

Go to solution
scruse
Level 1
Level 1
In response to Ashork

‎08-03-2018 11:30 AM

Thanks again @Ashork. That's what I was hoping for.  Users show up just fine in access policies and it seems to be working so I'll just ignore the errors in the log.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card