cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2501
Views
0
Helpful
5
Replies

Firepower User Agent 2.3 Not Running

noisey_uk
Level 1
Level 1

Firepower User Agent 2.3 installed on Windows Server 2012 R2 (clean install)

SQL Server Compact 3.5 SP2 32-bit Installed

SQL Server Compact 3.5 SP2 64-bit Installed

.NET Framework 4.0 not required due to OS version

Added into FMC

All is fine until I add the FMC details to the User Agent. The FMC changes to Available then (silently) the Service stops. When I try to restart the service it changes to Running for 1-2 seconds then back to Not Running. Event Viewer shows two errors:

Faulting application name: AgentService.exe, version: 1.0.0.0, time stamp: 0x55b90ea6
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18938, time stamp: 0x5a7ddf0a
Exception code: 0xe0434352
Fault offset: 0x0000000000008eac
Faulting process id: 0x598
Faulting application start time: 0x01d43a50ee5987a6
Faulting application path: C:\Program Files (x86)\Cisco Systems, Inc\Cisco Firepower User Agent for Active Directory\AgentService.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 2c33609c-a644-11e8-80cc-005056a31829
Faulting package full name:
Faulting package-relative application ID:

Application: AgentService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Threading.Monitor.Enter(System.Object)
at SFCommon.SFUtil.CopyHash(System.Collections.Hashtable)
at Service.DataSynchronizer.BringSourcefireDCUpToDate(System.String, System.String, System.Collections.Hashtable, System.String)
at Service.DCReporter.CheckDCStatuses(System.Collections.ArrayList, System.Collections.Hashtable, System.String)
at Service.ServiceSimulator.SourcefireDCCheckerWork()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

 

I've tried uninstalling and reinstalling everything but no luck. Any ideas?

5 Replies 5

Greg Smalley
Level 1
Level 1

The account you use to run the Agent requires "Logon as a service" rights as well as the ability to write to C:\ which can be obtained my making it an administrator of the local machine.

  1. Open up Windows services (services.msc)
  2. Find the "Cisco Firepower User" service
  3. Change Service Logon to service account user you will be using. This will grant Log on as a service right
  4. Open your Windows User Accounts
  5. Open the Local Administrators group
  6. Add your service account the local administrators
  7. Your Service Account must also have the ability to monitor Event logs on your domain controllers. This can be accomplished by adding your service account to the built in Domain group "Event Log Readers".

Thanks for your suggestions Greg. Unfortunately I already tried all of those too. In addition to the service stopping when FMC is added, it refuses to add an AD server. I've used ldp.exe to check that a bind works from that machine using the same credentials and it's fine. I've had to open a TAC case.

Have you tried stopping the service and deleting "C:\UserEncryptionBytes.bin" ?

I have. I did that as part of the reinstallation steps too.

Hey,

how did you get the problem solved?
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: