About csco11552159

csco11552159 · 09-20-2018

Recently we are trying to add new DCs into PassiveID list to use WMI monitoring. The problems how ISE find the DCs, in our Dev environment, we found some DCs are missing from the list. and we have no way to add them. when use : nltest /dclist:dev ...

csco11552159 · 08-20-2018

Hi, if we are using WMI to monitor all our DCs( over 100 in 2 forests), the account we used for WMI has to change the password every year ..... Is there a way to do a bulk edit to update the password? 2nd question, we have local PSN cluster and DC...

csco11552159 · 07-11-2018

i m following the PIC document: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/pic_admin_guide/PIC_admin/PIC_admin_chapter_01000.html#task_784A7…when we talk to our Corp Sec and ID team for changing registry key to allow our account with full...

csco11552159 · 07-06-2018

i got TS agent working with ISE 2.2 .on ISE 2.2, I can see the User ID, IP and Port range mapping in live session table.But on FMC, it doesnt show these information.If i use TS agent directly sent to FMC, it will work. Is this some kind of bug betwe...

csco11552159 · 06-27-2018

Hi folks,we are going to enabled PIC feature and pxgrid feature on our production ISE.What is the best practice of deployment PIC feature and pxgrid ?Do we need dedicated PSN for PIC features? And do we need dedicated nodes for pxgrid?

csco11552159 · 09-24-2018

what if we deploy PSN to each "Site", witll ISE use site based DNS resolution to find all DC? we do have all site based DNS resolution. If ISE is using this way, it should be able to see all DC at the "site".

csco11552159 · 09-21-2018

checked with our AD admin, our DNS only resolve some of DC based on domain but ISE seems not to use API or similar cmd like" nltest /dclist:xxx.com" to resolve the DCs. if this is the case, PassiveID wont work for lots cases especially when large a...

csco11552159 · 09-20-2018

Opened a ticket with TAC wait for some updates. Psn with passive ID enabled only see the "site" DC which are auto associated with. Passive wmi should see everything ..

csco11552159 · 09-20-2018

we saw the same result for other domains. it seems site impacted PassiveID DCs....

csco11552159 · 09-04-2018

i see. thank you. Do you know if there is a session limitation? Like Agent method, in the document mentions that each agent can monitor 10 ADs. Is there a limitation for WMI to monitor ADs ?

Member Since	‎02-15-2015 07:01 PM
Date Last Visited	‎12-05-2018 11:00 AM
Posts	97
Total Helpful Votes Received	32

User Statistics

User Activity

PassiveID add Domain Controller (missing DC)

ISE PIC WMI Questions

PIC identity mapping question about DCOM and WMI Registry key

ISE cannot sent TS port range to FMC

ISE enable PIC feature

Re: PassiveID add Domain Controller (missing DC)

Re: PassiveID add Domain Controller (missing DC)

Re: PassiveID add Domain Controller (missing DC)

Re: PassiveID add Domain Controller (missing DC)

Re: ISE PIC WMI Questions