07-04-2022 05:25 AM
I have only one operational DC from where user Agent are getting userid/ip mapping info. Even though there are 1 other DC added at User agent but other 1 are part of Test Site.
How to confirm which dc actually providing user id and ip mapping to the user agent.
Refer to below doc and based on my current scenario, if technically user agent connecting to one dc which is not listed in user agent while knowing DC's do not share the security events ?
Cisco reference quote
If your Active Directory system has multiple domain controllers, enter the host name or IP address of the domain controller with which you want the user agent to communicate. (Active Directory domain controllers don’t share their security logs so you must have a separate user agent connection to each controller.) In a distributed or heavily trafficked system, you can optionally install more than one user agent as discussed in Deploy Multiple User Agents.**
07-04-2022 08:06 AM
First off, User Agent only captures user login information from WMI, not security events of any kind. A given User Agent can collect information from multiple DCs. You can perform troubleshooting of the user agent using the troubleshooting tool in the installation directory. It will show, among other things, the individual login events and from which source they are received.
07-04-2022 09:22 AM
Hello @Marvin Rhoads
thank you , thanks for the information.
Can you guide me a little bit more which tab it is from the tools item ?
" It will show, among other things, the individual login events and from which source they are received."
07-05-2022 12:51 PM
specially I do not see which source they are received from and that is what I need to know.
07-06-2022 10:06 AM
I don't have one handy to look at since all of my customers have migrated to ISE or ISE-PIC.
I seem to recall it's under the logs setting in User Agent. Set the logging to include debug messages and then look at those messages.
07-06-2022 10:35 AM
I don't have one at handy neither, but I had written a post on my blog about the User Agent and one of the images shows the Logs tab, not sure if this would be helpful though:
07-13-2022 07:21 AM
thank you but i did not get a clue to know from which AD it got the user id info.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide