09-25-2010 10:13 AM - edited 03-11-2019 11:45 AM
Hi,
I have configured the ASA CSC SSM module for AD integration for user-based access control. The domain controller Agent has been installed on the AD server. But the Agent is not able to communicate with the CSC module. There are errors being generated in AD and CSC.
There are no network layer issues between the AD server and CSC. All the firewalls have been turned off. I suspect some configuration changes need to be done on AD or with the Agent installation file. I have followed the configuration steps recommended by Cisco in configuring the AD server and CSC module. I have attached the log files.
Please suggest a solution for this issue. Thank you.
With Regards,
Madhan kumar G.
06-01-2011 11:44 AM
Dear All,
In my case the agent is installed successfully and I am not getting any error, but still CSC is not performing the exception for the selected users which I defined in the list.
The interesting thing is I can call any group or users from AD, which shows communication is fine, so why is the exception not working?
If I define the IP of the workstation in the CSC SSM exception list, it is working.
Regards,
Azhar
06-01-2011 11:48 AM
1. The machine should be part of the Windows domain (this applies to both the end user's machine and the machine the ID Agent is installed on).
2. File Sharing should be enabled on the end user's machine; you also need to start the "File Sharing" and Net Logon services on the machine where the ID Agent is installed.
3. The "Remote Registry" service should be enabled on the end user's machine.
4. If you have to leave Windows Firewall enabled, then do the following:
- on the end user's machine, only "File and Printer Sharing" should be in the exception list; 'WMI' is not necessary.
- on the machine where the ID Agent is installed, we need to add "File and Printer Sharing" into the exception list and add port 65015 into the exception list.
5. A simple test would be to telnet via TCP port 445 to the client PC from the DC or member server that has the ID Agent installed.
You can read here: http://www.cisco.com/en/US/docs/security/csc/csc63/administration/guide/csc6.html
- watch the security event logs on domain controllers for events indicating that a logon has occurred.
- idagent learns the IP and user ID from this event.
- the userid to IP mapping is not valid until the agent can "validate" that it is correct information.
- validation is done by establishing a connection from the idagent machine to the desktop PC on TCP/445. It is connecting to the remote registry service.
- if this step fails, we log a debug message on the agent saying something to the effect of "UID validation failed for xxx.xxx.xxx.xxx (
- the error number is important here... If my memory serves right, 53 = timeout and 5 = incorrect credentials.
Error 53 can be caused by:
- firewall running on the desktop blocking TCP/445 connections from the ID Agent machine
- the "Remote Registry" service not running on the desktop PC. Windows 7 has this service turned off by default.
- "RPC service" not enabled on the desktop PC
The first error (53) could be caused by:
1) Remote Registry Service not enabled on 192.168.1.225 (sample IP)
2) RPC Server service not enabled on 192.168.1.225
3) Client firewall enabled on 192.168.1.225 (Windows Firewall) that blocks the TCP/445 connection.
4) Host machine 192.168.1.225 was not running when it tried to poll the machine.
Error 5:
- non domain administrator credentials programmed into the CSC GUI under "user id settings"
- re-enter the domain admin details on that page and hit save.
-KS
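The checklist above can be walked mechanically from the host that runs the ID Agent. The following script is an added example, not code from this thread or from Cisco: it checks domain membership and the Server/Net Logon services locally, then for each end-user PC tries the TCP/445 connection the agent itself relies on and queries the client's Remote Registry service over the same RPC/SMB path. It assumes Windows PowerShell 5.1 (where `Get-Service -ComputerName` and `Test-NetConnection` exist) and that it is run with the same domain admin account configured under "user id settings" in the CSC GUI.

```powershell
# Added example (not from the thread or Cisco): run on the ID Agent host to check
# KS's prerequisites against each end-user PC. Assumes Windows PowerShell 5.1.
param(
    [Parameter(Mandatory = $true)]
    [string[]] $ClientHosts   # end-user PCs to validate, e.g. '192.168.1.225' (sample IP from the thread)
)

$report = @()
function Add-Result([string] $Target, [string] $Check, [bool] $Ok, [string] $Detail) {
    $script:report += [pscustomobject]@{ Target = $Target; Check = $Check; Ok = $Ok; Detail = $Detail }
}

# Checklist item 1: the agent host itself must be a domain member.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Result $env:COMPUTERNAME 'Domain member' $cs.PartOfDomain $cs.Domain

# Checklist item 2: file sharing (Server service) and Net Logon must run on the agent host.
foreach ($name in 'LanmanServer', 'Netlogon') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    Add-Result $env:COMPUTERNAME "Service $name running" ($null -ne $svc -and $svc.Status -eq 'Running') "$($svc.Status)"
}

foreach ($client in $ClientHosts) {
    # Checklist item 5, which is also the agent's own validation step: a TCP/445 connection to
    # the client. A failure here maps to the error 53 causes listed above (firewall, host off).
    $tcp = Test-NetConnection -ComputerName $client -Port 445 -WarningAction SilentlyContinue
    Add-Result $client 'TCP/445 reachable' $tcp.TcpTestSucceeded "ping=$($tcp.PingSucceeded)"

    # Checklist item 3: Remote Registry on the client. Querying it remotely exercises the same
    # RPC/SMB path the agent uses; an access-denied error here points at credentials (error 5).
    try {
        $rr = Get-Service -Name RemoteRegistry -ComputerName $client -ErrorAction Stop
        Add-Result $client 'RemoteRegistry running' ($rr.Status -eq 'Running') "$($rr.Status)"
    } catch {
        Add-Result $client 'RemoteRegistry running' $false $_.Exception.Message
    }
}

$report | Format-Table -AutoSize
# Non-zero exit when any prerequisite fails, so the script can be scheduled or scripted around.
if ($report | Where-Object { -not $_.Ok }) { exit 1 }
```

Run it as `.\Check-IdAgentPrereqs.ps1 -ClientHosts 192.168.1.225, 192.168.1.226` (file name is an assumption); a failed "TCP/445 reachable" row on an otherwise healthy client usually means the Windows Firewall exception for File and Printer Sharing from item 4 is missing.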
06-01-2011 12:05 PM
Dear KS,
What's the problem in my case? While CSC successfully added the AD controller as well as the agent, I can call any group and user from Windows 2008 R2 64-bit AD.
Do I need to perform these activities?
Regards,
Azhar
06-01-2011 12:08 PM
Yes, you do. Please make sure to run through the checklist that I provided above.
-KS
06-01-2011 12:18 PM
In my case everything looks fine; no error message appears.
How can I check that requests are coming from CSC and that AD acknowledges that request?
Regards,
Azhar
03-05-2012 11:40 AM
Hi there,
Sorry for "reactivating" this post.... How can the AD agent handle a terminal server session? Many users with the same terminal server IP?
Thanks,
Norbert