
Cisco Firepower User Agent For AD and Firepower 6.3

tank28m45
Level 1

Hello,

 

  I use Cisco ASA 5516-X with Firepower.

After the upgrade to Firepower Services 6.3.0, my Cisco Firepower Agent for AD cannot connect to Firepower Services.

6.2.x works perfectly.

Error : Report login information from  localhost to  x.x.x.x failed after xx/xx/2018 xx:xx:xx PM. [The handshake failed due to an unexpected packet format.]."

This is very similar to this bug:

https://community.cisco.com/t5/firepower/install-cisco-firepower-user-agent-for-active-directory/td-p/2897634

 

Version firepower: 6.3.0-83
Version User Agent: 2.3.10 (on Windows 2019 Server)

 

Need help.


Marvin Rhoads
Hall of Fame

I upgraded my FMC to 6.3 and it is continuing to work OK with User Agent 2.3 on Windows server 2018.

 

I'd recommend doing a packet capture between the host running User Agent and FMC and getting more detail on why the handshake is failing.

 

You can open a TAC case, but they may tell you that Server 2019 is not officially supported for User Agent. You can always run the agent on a separate system and still point it to your Server 2019 (for the user-IP mapping) and FMC (for the reporting).

 

https://www.cisco.com/c/en/us/td/docs/security/firesight/user-agent/23/config-guide/Firepower-User-Agent-Configuration-Guide-v2-3/ConfigAgent.html#36512

Prerequisites for Installing the User Agent

The Windows computer must meet the following prerequisites:

  • The computer is running Windows Vista, Windows 7, Windows 8, Windows Server 2008, or Windows Server 2012. For security reasons, we recommend you install the user agent on a domain computer and not on the Active Directory server computer.

I tried on Windows 2016 Server and on 3 different ASA Firepower devices. The same error.
6.2.x.x works on Windows Server 2019 and Windows Server 2016.

That's odd. My FMC 6.3 was also an upgrade from 6.2.3.7. The behavior of User Agent didn't change at all for me.

I will try a clean install and report the results.

 

 

Clean install of 6.3.0 - the same error. I think this is a bug.

Are you by chance using EC certificates on your FMC? If so, this bug may also apply:

 

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvn10754

I do not use FMC. I use Firepower Services on ASA 5516-x.

 

OK, understood.

 

I'd definitely open a TAC case if you believe you are hitting a bug. It helps prioritize the fix.

 

Yes. Rollback to 6.2.3.7. All works perfectly.

6.3.0.1 - the same error.

Can somebody fix that? WTF?

Firepower 6.2.x uses MySQL 5.6. Firepower 6.3.x uses MariaDB 10.2.
This is a bug or a problem with MariaDB. Windows cannot establish an SSL connection to MariaDB on Firepower Services.
Very similar to this:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva32331/?rfs=iqvred

Hi Experts

 

Do you know if Firepower User Agent 2.3 or 2.4 can query Active Directory running on Windows Server 2019?

 

Thanks

tank28m45
Level 1

Firepower Agent uses the MySQL 5.6 library. Firepower Services uses MariaDB 10.2.

Something is not compatible. I think the agent must be changed to work with MariaDB.
