03-22-2018 09:37 PM - edited 02-21-2020 07:33 AM
Hi !
I have a error when connecting to AD Server Windows 2016. I have followed all the steps in "https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118637-configure-firesight-00.html" but still get this error "unable to reach security logs on x.x.x.x"
Adding image to get better understanding of the issue. I read somewhere in the forum that although cisco doesnt support windows 2016, some users were able to deploy it on windows 2016 server. Kindly share your thoughts about how I can overcome this issue.
Thanks,
Nandan
Solved! Go to Solution.
03-23-2018 12:04 AM
Hi Nandan,
I have seen implementation where Windows 2016 does work with user agent. Although there is no official doc which says its not.
For the issue you have, I would suggest following.
For just a test, add a user with domain admin privilege and check if that works. If that does, issue is with user privilege.
Check if there are indeed logon events on AD with event ID 4624. If not, you would need to check audit log policy at group/AD level.
You can also enable debug mode in user agent logging which can give more details about the errors if any on the agent itself.
Another way would be to go to event viewer on the same PC/Server where you are installing agent. Use connect to another computer option and use the same credentials and check if you can read security logs (event id 4624 and 4634)
Another thing to keep in mind is if you have the agent on the server 2016 which has AD as well, you cannot use a IP address there. Instead "localhost" needs to be used.
Hope it helps,
Yogesh
03-23-2018 12:25 AM
I have it working on my Server 2016.
Like @yogdhanu said, you definitely need to use localhost if you're running it on the DC itself. That's a WMI limitation, not user agent per se.
03-23-2018 12:04 AM
Hi Nandan,
I have seen implementation where Windows 2016 does work with user agent. Although there is no official doc which says its not.
For the issue you have, I would suggest following.
For just a test, add a user with domain admin privilege and check if that works. If that does, issue is with user privilege.
Check if there are indeed logon events on AD with event ID 4624. If not, you would need to check audit log policy at group/AD level.
You can also enable debug mode in user agent logging which can give more details about the errors if any on the agent itself.
Another way would be to go to event viewer on the same PC/Server where you are installing agent. Use connect to another computer option and use the same credentials and check if you can read security logs (event id 4624 and 4634)
Another thing to keep in mind is if you have the agent on the server 2016 which has AD as well, you cannot use a IP address there. Instead "localhost" needs to be used.
Hope it helps,
Yogesh
03-23-2018 12:25 AM
I have it working on my Server 2016.
Like @yogdhanu said, you definitely need to use localhost if you're running it on the DC itself. That's a WMI limitation, not user agent per se.
03-25-2018 05:37 AM - edited 03-25-2018 05:42 AM
Thanks Yogesh and Marvin :)
Adding "localhost" instead of the IP address helped.
But now i am stuck at "pending state" . I have also disabled the DC windows firewall but still it didnt help.
Any suggestions?
PS: Screenshot was captured when another changes were unsaved. I did save the changes and still 1 day after i am on pending state both for AD as well as FMC.
03-25-2018 05:49 AM
Have you installed both components - the User Agent and the SQL Express bit?
What domain user account are you using? If it's other than a domain admin user, have you tested it as a WMI user as indicated in the setup guide?
There is also a troubleshooting tool in the installation directory. It's "tools.exe". Launch iot and check the various tabs to get some insight into what bit might be broken.
03-25-2018 08:46 AM - edited 03-25-2018 11:16 PM
User Agent and SQL has been installed. Also user is from AD DC Admin group.
Ok . let me check tools.exe and I will get back with the results.
Thanks,
Nandan Mathure
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide