cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
262
Views
2
Helpful
3
Replies

FMC / FTD - Cisco Passive Identity Agent not working

fabiofunaki
Level 1
Level 1

Hello!

 

I need an help! I'm having an issue on the user identify on a FMC. I am using the new Passive Identity Agent.

 

I already opened a Cisco TAC, but they just says me that this is an AD issue and on the FMC and Agent the configuration is good.

 

My deployment is FMC 7.6, FTD 7.2 and AD running on Windows Server 2016.

 

In the CiscoPassiveIdentityAgent.log I found these errors:

 

2024-10-31 09:11:07,802 ERROR - Domain Controller 10.16.0.10 , Error occurred reading history events Invalid query
2024-10-31 09:11:07,802 ERROR - Domain Controller 10.16.0.10 , Error occurred reading history eventsInvalid query

 

Any tip on how to troubleshoot it will help me as I am with no ideas on how to find the error.

 

I attached the agent log with debug enabled.

 

Thanks in advance

 

1 Accepted Solution

Accepted Solutions

nspasov
Cisco Employee
Cisco Employee

Have you looked at the event viewer? More specifically, what is called in this doc? Also, it is probably worth reaching out to Microsoft support if Cisco TAC already reviewed and validated your configuration. 

Thank you for rating helpful posts!

View solution in original post

3 Replies 3

nspasov
Cisco Employee
Cisco Employee

Have you looked at the event viewer? More specifically, what is called in this doc? Also, it is probably worth reaching out to Microsoft support if Cisco TAC already reviewed and validated your configuration. 

Thank you for rating helpful posts!

Hi @nspasov! Thanks a lot!

This document helped me to solve the issue:

- there was no 4768 and 4770 event ID on the log

- I was able to see the logs enabling Audit Kerberos Authentication Service and Audit Kerberos Service Ticket Operations. 

  - The issue happened because on the past someone (we never are able to find who) enabled the Audit Account Lockout.

nspasov
Cisco Employee
Cisco Employee

I am glad I was able to help solve the problem! Also, thank you for taking the time to come back and post the root cause and solution!

Review Cisco Networking for a $25 gift card