Cisco Firepower User Agent For AD and Firepower 6.3

tank28m45 · ‎12-11-2018

Hello,

I use Cisco ASA 5516-X with Firepower.

After upgrade to Firepower Service 6.3.0 my Cisco Firepower Agent for AD can not connect to Firepower Services.

6.2.x - work perfect.

Error : Report login information from localhost to x.x.x.x failed after xx/xx/2018 xx:xx:xx PM. [The handshake failed due to an unexpected packet format.]."

This is very like this bug :

https://community.cisco.com/t5/firepower/install-cisco-firepower-user-agent-for-active-directory/td-p/2897634

Version firepower: 6.3.0-83
Version User Agent: 2.3.10 (on Windows 2019 Server)

Need help.

Marvin Rhoads · ‎12-11-2018

I upgraded my FMC to 6.3 and it is continuing to work OK with User Agent 2.3 on Windows server 2018.

I'd recommend doing a packet capture between the host running User agent and FMC and getting more detail on why the handshake is failing.

You can open a TAC case but they may tell you that Server 2019 is not officially supported for User Agent. You can always run the agent on a separate system and still point it to your Server 2019 (for the user-ip mapping) and FMC (for the reporting)

https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/23/config-guide/Firepower-User-Agent-Configuration-Guide-v2-3/ConfigAgent.html#36512

Prerequisites for Installing the User Agent

The Windows computer must meet the following prerequisites:

The computer is running Windows Vista, Windows 7, Windows 8, Windows Server 2008, or Windows Server 2012. For security reasons, we recommend you install the user agent on a domain computer and not on the Active Directory server computer.

tank28m45 · ‎12-11-2018

I try on Windows 2016 Server and on 3 different ASA Firepower devices.The same error.
6.2.x.x work on Windows Server 2019 and Windows Server 2016

Marvin Rhoads · ‎12-12-2018

That's odd. My FMC 6.3 was also an upgrade from 6.2.3.7. The behavior of User Agent didn't change at all for me.

tank28m45 · ‎12-12-2018

I will try to clean install and tell about results.

tank28m45 · ‎12-12-2018

Clear install 6.3.0 - the same error. I think this is bug.

Marvin Rhoads · ‎12-13-2018

Are you by chance using EC certificates on your FMC? If so, this bug may also apply:

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn10754

tank28m45 · ‎12-13-2018

I do not use FMC. I use Firepower Services on ASA 5516-x.

Marvin Rhoads · ‎12-13-2018

OK, understood.

I'd definitely open a TAC case if you believe you are hitting a bug. It helps prioritize the fix.

tank28m45 · ‎12-13-2018

Yes. Rollback to 6.2.3.7. All work perfect.

tank28m45 · ‎02-22-2019

6.3.0.1 - the same error.

Somebody cab fix that? WTF?

tank28m45 · ‎02-23-2019

Firepower 6.2.x use MySQL 5.6. Firepower 6.3.x use Mariadb 10.2.
This is bug or trouble Mariadb. Windows can not establish SSL connection to Mariadb on Firepower Services.
Very like this
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva32331/?rfs=iqvred

erickflamenco · ‎01-04-2021

Hi Experts

Do you know if Firepower User Agent 2.3 or 2.4 can query to Active Directory running on windows server 2019?

Thanks

tank28m45 · ‎02-23-2019

Firepower Agent Use Mysql 5.6 library. Furepower Services use Mariadb 10.2.

Something not compatible. I think agent must be change for work with Mariadb .