Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1335
Views
0
Helpful
6
Replies

What is this email alert: TUI-AD: All AD agents are down for realm Windows?

keithsauer507
Level 5
Level 5

‎03-24-2014 07:27 AM

I added our IT group e-mail to the Ironport S160 to be alerted when product keys are about to expire.  Our IronPort C160 e-mail filter does this but the S160 did not.

 

We periodically get this email:

 

Subject: Critical <System> webfilter.domain.com: TUI-AD: All AD agents are down for realm Windows

 

The Critical message is:

TUI-AD: All AD agents are down for realm Windows

Product: Cisco IronPort S160 Web Security Appliance

Model: S160

Version: 7.5.1-079

Serial Number: (removed for public posting)

Timestamp: 24 Mar 2014 07:20:27 -0400

 

 

Any idea what this means?  Everything is working normally.  How can I stop this message?

Labels:
0 Helpful
6 Replies 6

Tom Foucha
Cisco Employee
Cisco Employee

‎03-26-2014 12:12 PM

Check Network/Authentication and see if you configured the AD Realm with Transparent User Identification. If you did and are not using CDA (Context Directory Agent) then remove just the TUI configuration and leave your AD configuration.

0 Helpful

keithsauer507
Level 5
Level 5
In response to Tom Foucha

‎03-26-2014 12:22 PM

Yes that is checked off.  It is pointing to one of our servers that is running our certificate services and anti virus console.  Would there be something installed on that server I should be looking for?  Nothing Cisco or IronPort is listed in the start menu.

0 Helpful

Tom Foucha
Cisco Employee
Cisco Employee
In response to keithsauer507

‎03-26-2014 12:26 PM

It should only be pointing to a Cisco CDA server. If you are not running Cisco CDA then uncheck use TUI and the messages will stop. CDA is not a Windows program, it is a standalone vm server running a linux kernel and our CDA processes.

0 Helpful

keithsauer507
Level 5
Level 5
In response to Tom Foucha

‎03-26-2014 12:29 PM

Upon further investigation in services.msc on that server I see a Cisco AD Agent.  I did some digging on this service and its located in C:\IBF.

First why is it called IBF?

Second, whats in here is this:

\adObserver

\CLI

\radiusServer

\watchdog

AD_Agent.Uninstaller.exe
AD_Agent-version-1.0.0.32.1-build.598.IBF

 

 

The emails came in at these times

3/24 11:59 PM

3/24 7:20 AM

3/23 12:59 AM

3/23 12:06 AM

3/22 10:56 PM

3/22 1:20 AM

3/21 12:52 PM

3/20 10:51 PM 

 

0 Helpful

Tom Foucha
Cisco Employee
Cisco Employee
In response to keithsauer507

‎03-26-2014 12:41 PM

Ah the often forgotten about AD Agent was the predecessor the CDA. It is a command line utility that collects login data and feeds it to ASA and WSA can query it also. I suggest you check with whomever installed it and/or your partner. If necessary contact Cisco TAC for assistance.

0 Helpful

keithsauer507
Level 5
Level 5
In response to keithsauer507

‎03-26-2014 12:44 PM

I guess maybe we are using this because I found in C:\IBF\adObserver I changed logconfig.cfg to log_verbose.  I restarted the service, and that generated an email.  But now I have a log called ADObserverLog and in there I can see what looks like timestamps, windows user names, entityID which is the IP address of the workstation that user is signed into (I know because I searched myself).

So maybe we would either add another one for high availability or just turn off email alerts and use outlook calendar reminders to remember when to renew our keys.

0 Helpful
Customers Also Viewed These Support Documents