cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
30179
Views
15
Helpful
42
Replies

Install Cisco Firepower User Agent for Active Directory.

n.avramenko87
Level 1
Level 1

OO!Hello! Have one problem! Install this agent on active directory. (Service working with domain - admin rules) 

In FireSight:

In Policy -- Users add FirePowerAgent (it found active directory -all good!)  and  User Agent (here i check ip address of AD server).

In Firepower User Agent for Active Directory:

In Cisco Firepower User Agent for Active Directory I added host (server AD) - all good it has status - available. 

In FP managment center I added FireSight. But after few minutes its state became unavailable.

I have log:  Unable to report heartbeat to 192.168.0.100. - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond"

But i see that all devices are available. What it is mean? Thank you!!!

42 Replies 42

HELLO! All green! There are no errors. But unfortunately Managment Center does not receive information in user activity. MAy be  I need to wait...

Hello team

If tge posts helped or if its correct please mark them.

You dont have to wait much for receiving user login log off events.

Are you able to create access control policy based on the users? 

Verify that the logging has been enabled in the AD server so that whenever user logon and logoff AD will generate events so that Useragent will send the same to User activities .

Regards

Jetsy

Thank you for your time! I did not create  access control policy based on the users. Is it mandatory?

Hello,

Its not mandatory. Is everything works now ?

Regards

Jetsy

 Thank you. And sorry for the trouble. Can't get that to work.

After this night i have another error in log: Unable to connect to any of the specified MySQL hosts. And Agent does not see Center Again.

Hello,

Looks like there is some intermittent issue. We need to verify the communication towards the Useragent and FMC here from the logs . This time you need to open a TAC request to verify this.I hope the Useragent that you installed is proper . looks like the useragent is crashing in between. Hope you have installed both the installation files of useragent .

Regards

Jetsy 

OOO!Hope you have installed both the installation files of useragent .-What it is mean? I installed only one installation file. https://support.sourcefire.com - here I downloaded installation file. May be this my problem?

Hello Team,

Going ahead , please use the following link.

https://software.cisco.com/download/release.html?mdfid=286278934&softwareid=286271057&release=User%20Agent&flowid=72285

The downloaded file will have an MSI and an EXE file. You need to install both the files.

 We recommend using the EXE file to install since it installs dependencies.

 The User Agent needs a 64 bit SQL Server Compact (SQL CE v3.5 SP2) installed on the machine that it is installed on. The Agent also needs the Microsoft .NET Framework Version 4.0 Client Profile to function.

 

Please verify the same and let us know.

Regards

jetsy 

Thank you! I have done what your sayed me. Reinstall software. But I have error: 

Unable to connect to any of the specified MySQL hosts.

An error occured while fetching encryption bytes from 'C:\UserAgentEncryptionBytes.bin': Specified key is not a valid size for this algorithm.."

I thought that the problem is rights on the files.But I gave full access to files CiscoUserAgent.sdf and UserAgentEncryptionBytes.bin.

Hello,

If you are already using Administrator user for handling teh Useragent and still facing the issue then please open a TAC request. Make sure that there is no permission issue and no antivirus stops this.

Verify the following link to note the permission.

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118637-configure-firesight-00.html

Regards

Jetsy 

OK! Will try! THANK YOU for your help and time!

Hello Team,

Just verify the user permissions in that link and check the status. If still facing the same error then open a TAC request.

Rate and mark correct for the post that helps you 

Regards

Jetsy 

Hello,

Are you still facing the same error ?

Regards

Jetsy 

HELO! No! I have this problem! As far as I understand I can monitor user activity without an agent installed on DC. Try to configure.

Hi,

I'm running into the same issues.

At the moment i'm unable to add my AD server and in the log i'm getting the below:

An error occured while fetching encryption bytes from 'C:\UserAgentEncryptionBytes.bin': Specified key is not a valid size for this algorithm.."

I don't have an anti-virus running on this machine and it's not my DC as well, it's a stand-alone server.

What might be the issue? I'm logged in as local admin with full privileges.

Thanks,

Hicham

Review Cisco Networking for a $25 gift card