Context Directory Agent server 2012R2

Hi,
Win server 2012R2 is not officially on the supported list for Context Directory Agent (CDA), anyone tested this setup?
I have been following the Installation guide for 2012: http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html but the server stays red in the CDA GUI. No error messages in the log though.
CDA is patch1 and CDA user is within the Domain Admin group and necessary priv changes according to the installation document are in place (registry key ownership etc.), firewall on the server has been temporarily disabled.
Just wanted to see if there is anyone who got the combination CDA/2012R2 running and/or when there will be an official patch to CDA to add 2012R2 support.

I opened a case and they referred me to bug CSCun10631.
(CDA doesn't support 2012R2).
The good news is that a new patch (3) should be released this month (July) and will include support.

Similar Messages

  • Context Directory Agent Path not found

    I am trying to connect Cisco Context Directory Agent to my AD 2012r2 server,
    Went through the setup guide and changed all needed register keys, firewall rules, DCOM and wmimgmt permissions,
    I got past the access denied error, but now I am getting a "The system cannot find the path specified. [0x80070003]" error.
    Here is my log.
    wmi-property exception-stack org.jinterop.dcom.core.JIComServer.init(JIComServer.java:580)
    org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
    org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:609)
    dc-hostname maddcr2.xxxxxxx.local/10.1.0.19
    dc-name xxxxx
    exception-cause org.jinterop.dcom.common.JIRuntimeException: The system cannot find the path specified. [0x80070003]
    wmi-class Win32_NTDomain
    exception-message The system cannot find the path specified. [0x80070003]
    wmi-property DomainName
    dc-username _zxxxxx
    Thank you,

    Are you running CDA 1.1 with Patch 1:
    cda-patchbundle_1.0.0.011-1.i386.tar.gz
    Support for Windows 2012 server was added in patch 1. Enable
    this patch using the command:
    admin# patch install cda-patchbundle_1.0.0.011-1.i386.tar.gz myrepository
    (see step 2a below for setting up a repository)
    Refer :
    http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1061521  

  • Need of Context Directory Agent

    Hi all
    I downloaded from CCO CDA (Cisco Directory Agent - filename is AD_Agent-v1.0.0.32.1-build-598.Installer.zip) and installed it. The goal is to authenticate users of WSA using Windows Server 2003 Active Directory.
    During deployment I discovered CDA supports until W2008R2 AD servers. Because customer plans to migrate soon AD to Windows Server 2012, I think CDA has to be replaced.
    Is Cisco Context Directory Agent the right replacement? I read it runs on a separate Virtual Machine, so I need to inform customer we need an additional VM?
    Thanks in advance

    What you downloaded was the old Active Directory Agent. You need to download CDA (Context Directory Agent) and the four patches and install them on a VM. Download link here: https://software.cisco.com/download/release.html?mdfid=282803423&flowid=4949&softwareid=284724387&release=CDA&relind=AVAILABLE&rellifecycle=&reltype=latest

  • Context Directory Agent ipv4 and ipv6 mappings

    I have the context directory agent 1.0 patch 2 installed and running. It works good mostly. We have a dual stack running ipv6 and ipv4 on our workstations. They connect to the AD with ipv6, so the mapping is for ipv6. Is there a way to get the ipv4 mappings?
    We need to map both addresses for the Web Filtering on the CX.

    Same question.

  • What is the new Cisco Context Directory Agent?

    Hi Everyone.
    I noticed on the ASA software download page the new Content Directory Agent (~800MB).  I could not find any release notes nor other references from a Google search.
    http://www.cisco.com/cisco/software/release.html?mdfid=280582808&softwareid=280775065&release=8.4.4.ED&flowid=4822
    What is it?
    A

    Context Directory Agent is the successor product to AD agent. It provides similar functionality but comes with Linux distribution and has a GUI based interface. You are right that at the link you gave there is no documentation posted. Will need to dig around.
    The release notes for the AD Agent product are at: http://www.cisco.com/en/US/docs/security/ibf/release_notes/ibf10_rn.html

  • One Microsoft Server 2003 R2 (small business server) doesn't connect to Context Directory Agent

    I have 2 DC's and I'm trying to get the cda to connect to both dc's.  Both are 2003 R2 but the one I'm having trouble with is Small Business Server.  I've double checked security settings and firewalls, but I'm still receiving the error on one server only. 
    All help is appreciated.
    The error I'm getting is:
    Log attributes
    wmi-property
    exception-stack
    org.jinterop.dcom.core.JIComServer.init(JIComServer.java:576)
    org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
    org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:169)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:201)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:605)
    dc-hostname
    email.houstonarmature.local/192.168.1.1
    dc-name
    Email
    exception-cause
    java.io.IOException: Socket Closed
    wmi-class
    Win32_NTDomain
    exception-message
    An internal error occurred. [0x8001FFFF]
    wmi-property
    DomainName
    dc-username
    hawadmin

    Hi Toby,
    Just an addition. Did you use an administrator account to log on to the RWA and then connect to the remote computer?
    Did you encounter the same issue?
    Meanwhile, please refer to the following thread and check if it can help you.
    RD Gateway - Unable to connect via IP (Netbios, FQDN work fine)
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Context Directory Agent maps the Active Directory Anti-Virus user

    Hi,
    Today I was able to join a couple of CDA's to our Active Directory domain (2008 R2 DC's) using a non-privileged account and the CDA maps (most) users to IP addresses.
    I would like to use the CDA solely for building up firewall policies based on AD details whenever possible
    as maintaining granular firewall policies on 8 different ASA's is too time consuming as we are not a large IT organization.
    But, after deploying the first "AD Group" based rule, it turned out, that the AD user-account mapped to the IP address of my PC was actually a domain user, running the local anti-virus engine, and not my own.
    It makes total sense that the anti-virus user is logged on to the PC before any user, so it can do "its thing",
    but my own user-account is never mapped. 
    CDA was able to map certain users to an IP address, even though the anti-virus user is actually logged on to the PC before them.
    Has anyone deployed Identity Based Firewalling and experienced something which resembles this scenario and were you able to do any workarounds?
    I looked into filtering out the logon events (for the Sophos user-account) from the Windows Security logs,
    so the CDA will not be able to map these, but it seems a bit far fetched, and would probably violate a security policy or two :)
    Cheers, Søren Elleby Sørensen


  • Cisco Context Directory Agent - Windows logs - Forwarded events

    Hello,
    I have a setup testing with Cisco ASA, Cisco CDA and MS 2012 R2. All this works fine. Only problem I encountered is that I want to read the forwarded events on the AD LDS server instead of the security events.
    So in small words is it possible to connect CDA agent with wmi to forwarded events instead of security logs?
    Is this possible?
    Thanks,
    Mark Post

    Hi,
    I applied the solutions mentioned above, but now I get the below error. Domain still shows as down.
    wmi-property
    exception-stack
    org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:158)
    org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
    org.jinterop.dcom.core.JISession.releaseRef(JISession.java:805)
    org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:777)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:40)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:83)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:599)
    dc-hostname
    dc-name
    exception-cause
    java.net.ConnectException:       Connection timed out
    wmi-class
    Win32_NTDomain
    exception-message
    An internal   error     occurred. [0x8001FFFF]
    wmi-property
    DomainName
    dc-username
    Any Idea on the error?
    Thanks.

  • IronPort WSA S170 and Context directory agent

    Hello people and experts,
    I need your consultation regarding IronPort and CDA deployment.
    I couldn't find any information in internet...
    So my question is - if IronPort is AD domain member and Explicit forward proxy is planned to be used. Do I need CDA to be deployed? What will happen if I don't want to deploy CDA in my environment?
    As I understood CDA is useful when IronPort works as Transparent Proxy or if IronPort is not a member of the same domain as users.
    Please advise.

    The CDA eliminates the need for NTLM authentication.  Once a user logs onto their computer in the morning and authenticates to the domain, the CDA will have received a successful audit event/log that informs it that user X is signed on to IP address X.  When the WSA needs to find out who is on this IP address, instead of using NTLM to challenge the client machine, it will ask the CDA who signed on this particular IP address.  Once it gets the user name, the WSA will proceed as usual and query the AD to determine the group membership of that particular user.
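
The lookup described in the reply above, as an added example that is not part of the original thread and is not Cisco's code: a latest-logon-wins IP-to-user table built from logon events, showing how a service account (the anti-virus case raised elsewhere on this page) displaces the real user and how an ignore list avoids that. The event fields, class names, account names, ignore list and 24-hour lifetime are all assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class LogonEvent:
    """A successful-logon audit record reduced to the fields a mapping needs."""
    when: datetime
    user: str
    ip: str


class IpUserMap:
    """Latest-logon-wins table of IP address -> user (hypothetical design)."""

    def __init__(self, ignored_users: Iterable[str] = (),
                 ttl: timedelta = timedelta(hours=24)):
        self.ignored = {u.lower() for u in ignored_users}
        self.ttl = ttl
        self._table: Dict[str, LogonEvent] = {}

    def ingest(self, ev: LogonEvent) -> bool:
        """Store the event; return False when it is skipped."""
        name = ev.user.lower()
        # Service accounts on the ignore list and machine accounts (name ends
        # in "$") log on from the workstation's IP but are not the person.
        if name in self.ignored or name.endswith("$"):
            return False
        current = self._table.get(ev.ip)
        if current is not None and current.when > ev.when:
            return False  # a late-arriving older event must not overwrite
        self._table[ev.ip] = ev
        return True

    def lookup(self, ip: str, now: datetime) -> Optional[str]:
        """Answer 'who is on this IP?'; None if unknown or stale."""
        ev = self._table.get(ip)
        if ev is None or now - ev.when > self.ttl:
            return None
        return ev.user


def build_map(events: List[LogonEvent],
              ignored_users: Iterable[str] = ()) -> IpUserMap:
    """Feed a list of events into a fresh table."""
    table = IpUserMap(ignored_users)
    for ev in events:
        table.ingest(ev)
    return table


# Constructed sample: alice logs on, then an anti-virus service account and
# the machine account authenticate from the same workstation minutes later.
DAY = datetime(2014, 7, 9)
SAMPLE_EVENTS = [
    LogonEvent(DAY.replace(hour=8, minute=0), "alice", "192.0.2.15"),
    LogonEvent(DAY.replace(hour=8, minute=5), "svc-antivirus", "192.0.2.15"),
    LogonEvent(DAY.replace(hour=8, minute=7), "WS015$", "192.0.2.15"),
    LogonEvent(DAY.replace(hour=8, minute=10), "bob", "192.0.2.16"),
]

if __name__ == "__main__":
    now = DAY.replace(hour=9)
    naive = build_map(SAMPLE_EVENTS)
    filtered = build_map(SAMPLE_EVENTS, ignored_users=["svc-antivirus"])
    print("without ignore list:", naive.lookup("192.0.2.15", now))
    print("with ignore list   :", filtered.lookup("192.0.2.15", now))
```

Any policy keyed on the returned user inherits this table's errors, so the ignore list and the entry lifetime are security-relevant settings rather than cosmetic ones.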

  • Context Directory Agent VM Requirements

    The CDA installation guide has a few undocumented issues around the vmware requirements. I have run into issues that are documented on the forums such as the scsi controller and the nic settings.
    Here is a thread of the lsi controller that must be selected for the CDA installation to run -
    https://supportforums.cisco.com/thread/2235247
    Also the nic adapter is not detected if I choose to use anything other than flexible. Is this a bug in CDA?
    Thanks,
    Tarik Admani
    *Please rate helpful posts*       

    Ken,
    Thanks for your help. My customer has other nics that they build their virtual machines and it was a little challenging in understanding if the flexible adapter must be selected since the documentation only covers the OS used for the install.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Error While installing Visual Studio 2005 in windows server 2012R2

    Hi Team
    One Help
    I am using Windows Server 2012R2. I want to install Visual Studio 2005.
    I downloaded VS 2005 from:
    http://www.microsoft.com/en-us/download/details.aspx?id=804
    While installing I am getting this error:
    "the upgrade patch cannot be installed by the windows installer service because the program to be upgraded or missing or upgrade patch may update a different version of the program.Verify that progam to be upgraded on exiting computer that you have
    the correct upgrade patch"
    Please help us.
    Thanks,
    Bob

    Hi Gopi,
    Are you trying to add the hosts to your OEM 12c, and then choosing "Deploy Agent"?
    Please check this error message about the image file..
    The image file C:\oracle\core\12.1.0.2.0\jdk\bin\java.exe is valid, but is for a
    machine type other than the current machine.
    "Validating OMS_HOST & EM_UPLOAD_PORT failed."
    If the agents are deployed earlier from another OEM12c server, please undeploy them and then try.
    Thanks,
    Rajiv.

  • SLP Directory Agent (port 427) - internal network goes down

    Due to some VPN problems with corporate headquarters, I had to switch out my current firewall (Instagate EX2) with a new SonicWall. Whenever we tried to switchover to the new SonicWall, my entire internal network went down. I was not able to login to the different Xserves for their appropriate services. Examples included the email server, FTP server, and a special application server we use for news editing. All Xserves run OS X Server 10.4. Our clients range from PowerMacs to Mac Minis and Mac Pros - all running OSX 10.4 with a few running 10.3. Symptoms of problems include when trying to connect to the email server, it just sits saying "Connecting to 10.1.2.x...", same thing for the FTP services. The newsroom software, that usually takes a 1 - 2 seconds to log into, then takes 45 seconds or so. Several techs looked at the problem without any suggestions about what to do to fix it.
    We have a Juniper Netscreen router provided by our ISP that connects to the Instagate firewall and to the network itself. Upon looking at the logs, it was discovered that the OS X stations IPs were using a port 427 - which is used by SLP. One of the techs said that is what is taking our network down when we disconnect the Instagate router from the network (because it evidently is passing this SLP traffic onto the Netscreen router). So when the Netscreen router comes off the network, none of the services on the Xserves work because of this. They said I needed to disable the port 427 on the Netscreen, but if I do this, isn't this having the same effect as taking the network down. Then it was told to me to setup a Directory Agent to handle this traffic. But they didn't provide any instructions to me on how to setup this up on the network or on OS X Server.
    Does anyone have any guidance or suggestions regarding this?
    Thanks,
    G

    I had the ISP's tech in today with proper network analysis software to see what's going on.
    We discovered that it is not SLP that is causing problems as one tech had suggested. Anytime that the internet access was disconnected from the network, the access to services on the OS X Servers go down or are extremely slow. So we began to look at the DNS entries and realized if we removed DNS then the servers refused access, if DNS entries were made (using OpenDNS), then the servers work.
    For example, we use the mail server component of OS X Server 10.4 for our email services. We cannot access the internal server (via IP) without the XServe having an entry in DNS. Put in OpenDNS servers, and things work like they should. The same scenario applies to any services (FTP, NewsEdit, etc.) that's on the OS X Servers. I guess what I'm not understanding is why does everything work internally as long as the OS X Servers have something listed for DNS - even though the DNS is an external DNS IP? Because it is external outside of the network, it's not like the mail server or clients are resolving the private IPs (which there's nothing to resolve since use IP numbers for connection purposes).

  • Logs are lost frequently in Remote Agent Server

    Hi All,
    ACS 4.2 and remote agent was working properly two months before. But in past two months we are facing weird issue in RA server. For some days we are missing logs from both ACS and RA server. Once we notice this we use to restart the services in ACS to give workaround. But due to this we lose our daily logs intermittently and facing risk in without having logs.
    This is not like communication between ACS and RA is not at all happening. It happens properly for a week or month, but again it is going bad without any config change.
    CSAgent.ini file is properly configured.
    Full version is 4.2.1.15 and patch is 10 in acs and ra.
    ACS and Remote Agent Major and Patch version are same.
    Any help would be highly appreciated.
    Thanks.

    Do you see the same intermittent logging issue with all services like csauth, rds, tcs etc.
    Could you plz. provide the cslogagent file from the remote agent server when you see this issue happening.
    C:\Program Files\Cisco\CiscoSecure ACS Agent\CSLogAgent\Logs
    Steps to gather msinfo32
    - Click the Start button.
    - Click the Run option.
    - Type "msinfo32" into the box and press Enter.
    - Click "System Information."
    - Choose "Save as System Information File" from the "Action" menu.
    - Open an appropriate directory, or something easy like the desktop.
    - Type "MSInfo32" into the Filename box and press Enter.
    - Wait several minutes for the program to collect and save information
    Did you check whether cisco remote agent server is excluded for being scanned by AV?
    Jatin Katyal
    - Do rate helpful posts -

  • Lync 2013 Publish Topology Failed in window server 2012R2

    Scenario
    Lync Enterprise Edition!
    Windows Server 2012R2 - LyncServer 2013 
    Windows Server 2008R2 - Sql 2008 R2 Failover Cluster (Multiple Database and Instances Created) 5 Others Application Database also Created which has been used.
    DNS Entries
    Host Name:
    LYNCFE.consoto.com
    Pool.consoto.com    (Host Name Created Same IP as Lync Frontend Server)
    dialin.consoto.com
    meet.consoto.com
    admin.consoto.com
    DBLYNC.consoto.com 
    Virtual Instant Name of Sql Database and Instance name : DBLYNC\Lynccore
    Permission Rights:
    I am using the Administrator account for Lync 2013 Installation.
    Domain Administrator Account Member to CSAdministrator group and RTC Universal Server admin group.
    SQL sysadmin Account member Sqladmin and Domain administrator User. 
    ShareFolder-Lyncshare on Storage.consoto.com
    Permission: 
    Everyone Read-write
    RTCComponentUniversalServices Read-write
    RTCHSUniversalServices Read-write
    RTCUniversalServerAdmins Read-write
    RTCUniversalConfigReplicator Read-write
    Virtual Computer Name DBLYNC$ Full control
    Issue: I have created one topology and tried to publish it but am getting an error. Log detail below.
    Feature: CentralMgmtStore
    SQL Instance: domain-name.com\lynccore
    Collocated: False
    Found "RTCUniversalServerAdmins": True
    Found "RTCUniversalConfigReplicator": True
    Found "RTCUniversalReadOnlyAdmins": True
    TaskFailed: Task execution failed.
    Error:The network name cannot be found.
    ▼ Details
    └ Type: IOException
    └ ▼ Stack Trace
    └ at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
    at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, Object dirSecurityObj, Boolean checkHost)
    at System.IO.Directory.InternalCreateDirectoryHelper(String path, Boolean checkHost)
    at Microsoft.Rtc.Common.Data.DatabaseManager.CreateDatabase(String dbFileBase, String dbPath, String logPath, Int32 dbSizeMB, 
    Int32 logSizeMB, Int32 dbGrowthMB, Int32 logGrowthMB, Int32 maxDbSizeMB, Int32 maxLogSizeMB)
    at Microsoft.Rtc.Common.Data.DatabaseManager.CleanInstallDatabase(String dbFileBase, String initialScripfilePath, String 
    dbPath, String logPath, Int32 dbSizeMB, Int32 logSizeMB, Int32 dbGrowthMB, Int32 logGrowthMB, Int32 maxDbSizeMB, Int32 
    maxLogSizeMB)
    at Microsoft.Rtc.Common.Data.DbSetupBase.CleanInstallDatabase()
    at Microsoft.Rtc.Common.Data.DbSetupBase.CreateOrUpdateDatabase()
    at Microsoft.Rtc.Common.Data.XdsDatabase.CreateOrUpdateDatabase()
    at Microsoft.Rtc.Management.Deployment.Tasks.DatabaseCreator.CreateDatabaseForFeature(String featureName, Boolean clean, 
    Boolean update, String sqlServer, String instanceName, Boolean collocated, Boolean backup, Boolean noreindex, 
    DatabasePathAssignment[] pathAssignments, Boolean broadCast, String& logfile)
    at Microsoft.Rtc.Management.Deployment.installdatabaseCmdlet.CreateDatabaseForFeature(Planitem i)
    at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog[T](Action`1 action,T arg)
    TaskFailed: An error occurred while creating or updating the database for feature CentralMgmtStore. For details, see the log 
    file ‘C:\Users\Administrator\AppData\Local\Temp\2\Create-CentralMgmtStore-domain-name.com_lynccore-[2014_07_09]
    [11_40_46].log’
    TaskFailedResolution: Consult exception information and previous errors for more information on how to resolve this error.
    Error: An error occurred: "System.IO.FileNotFoundException" "The network name cannot be found"
              

    SQL Scenario
    Windows Server 2008R2 - Sql 2008 R2 Failover Cluster (Multiple Database and Instances Created) 5 Others Application Database
    also Created on  the Failover Cluster.
    Failover SQL Cluster
    Active
    Computer Name: Cluster1.Consoto.com
    ping cluster1.consoto.com reply IP 192.168.0.30 from Lync FE
    Passive
    Computer Name: Cluster2.Consoto.com
    ping cluster2.consoto.com reply IP 192.168.0.31 from Lync FE
    SQL Database DBLYNC IP is 192.168.0.40 and also reply from Lync Server

  • Upgrading 2012 Domain Controllers to server 2012r2

    I need to upgrade our 3 production DCs running server 2012 to server 2012r2 and wanted to know what's the best way to do this. 
    Francisco Mercado Jr.

    DVUA,
    I agree with a fresh install. Upgrades can be problematic, you never know, and it's really not worth taking a chance with a production environment.
    Besides, DVUA, what is holding you back from performing a fresh install? Is there something on the machines that you are trying to preserve? If there isn't anything, I would go ahead and blow them away and install a fresh 2012 R2 copy.
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
