Need of Context Directory Agent

Hi all
I downloaded from CCO CDA (Cisco Directory Agent - filename is AD_Agent-v1.0.0.32.1-build-598.Installer.zip) and installed it. The goal is to authenticate users of WSA using Windows Server 2003 Active Directory.
During deployment I discovered CDA supports until W2008R2 AD servers. Because customer plans to migrate soon AD to Windows Server 2012, I think CDA has to be replaced.
Is Cisco Context Directory Agent the right replacement? I read it runs on a separate Virtual Machine, so I need to inform customer we need an additional VM?
Thanks in advance

What you downloaded was the old Active Directory Agent. You need to download CDA (Context Directory Agent) and the four patches and install them on a VM. Download link here: https://software.cisco.com/download/release.html?mdfid=282803423&flowid=4949&softwareid=284724387&release=CDA&relind=AVAILABLE&rellifecycle=&reltype=latest

Similar Messages

  • Context Directory Agent Path not found

    I am trying to connect Cisco Context Directory Agent to my AD 2012r2 server,
    Went through the setup guide and changed all needed register keys, firewall rules, DCOM and wmimgmt permissions,
    I got past the access denied error, but now I am getting a "The system cannot find the path specified. [0x80070003]" error.
    Here is my log.
    wmi-property exception-stack org.jinterop.dcom.core.JIComServer.init(JIComServer.java:580)
    org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
    org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:609)
    dc-hostname maddcr2.xxxxxxx.local/10.1.0.19
    dc-name xxxxx
    exception-cause org.jinterop.dcom.common.JIRuntimeException: The system cannot find the path specified. [0x80070003]
    wmi-class Win32_NTDomain
    exception-message The system cannot find the path specified. [0x80070003]
    wmi-property DomainName
    dc-username _zxxxxx
    Thank you,

    Are you running CDA 1.1 with Patch 1:
    cda-patchbundle_1.0.0.011-1.i386.tar.gz
    Support for Windows 2012 server was added in patch 1. Enable
    this patch using the command:
    admin# patch install cda-patchbundle_1.0.0.011-1.i386.tar.gz myrepository
    (see step 2a below for setting up a repository)
    Refer :
    http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html#wp1061521  

  • Context Directory Agent ipv4 and ipv6 mappings

    I have the context directory agent 1.0 patch 2 installed and running.  It works good mostly.  We have a dual stack running ipv6 and ipv4 on our workstations.  They connect to the AD with ipv6, so the mapping is for ipv6.  Is there a way to get the ipv4 mappings?
    We need to map both addresses for the Web Filtering on the CX.

    Same question.

  • What is the new Cisco Context Directory Agent?

    Hi Everyone.
    I noticed on the ASA software download page the new Content Directory Agent (~800MB).  I could not find any release notes nor other references from a Google search.
    http://www.cisco.com/cisco/software/release.html?mdfid=280582808&softwareid=280775065&release=8.4.4.ED&flowid=4822
    What is it?
    A

    Context Directory Agent is the successor product to AD agent. It provides similar functionality but comes with Linux distribution and has a GUI based interface. You are right that at the link you gave there is no documentation posted. Will need to dig around
    The release notes for the AD Agent product are at: http://www.cisco.com/en/US/docs/security/ibf/release_notes/ibf10_rn.html

  • Context Directory Agent server 2012R2

    Hi,
    Win server 2012R2 is not officially on the supported list for Context Directory Agent (CDA), anyone tested this setup?
    I have been following the Installation guide for 2012: http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html but the server stays red in the CDA gui. No error messages in the log though.
    CDA is patch1 and CDA user is within the Domain Admin group and necessary priv changes according to the installation document is in place ( registry key ownership etc,) , firewall on the server has been temporarily disabled.
    Just wanted to see if there is anyone who got the combination CDA/2012R2 running and/or when there will be an official patch to CDA to add 2012R2 support.

    I opened a case and they refer me to bug CSCun10631.
    (CDA doesn't support 2012R2).
    The good news is that a new patch (3) should be released this month (July) and will include support.

  • IronPort WSA S170 and Context directory agent

    Hello people and experts,
    I need your consultation regarding IronPort and CDA deployment.
    I couldn't find any information in internet...
    So my question is - if IronPort is AD domain member and Explicit forward proxy is planned to be used. Do I need CDA to be deployed? What will happen if I don't want to deploy CDA in my environment?
    As I understood CDA is useful when IronPort works as Transparent Proxy or if IronPort is not a member of the same domain as users.
    Please advise.

    The CDA eliminates the need for NTLM authentication.  Once a user logs onto their computer in the morning and authenticates to the domain, the CDA will have received a successful audit event/log that informs it that user X is signed on to IP address X.  When the WSA needs to find out who is on this IP address, instead of using NTLM to challenge the client machine, it will ask the CDA who signed on this particular IP address.  Once it gets the user name, the WSA will proceed as usual and query the AD to determine the group membership of that particular user.

  • Context Directory Agent maps the Active Directory Anti-Virus user

    Hi,
    Today I was able to join a couple of CDA's to our Active Directory domain (2008 R2 DC's) using a non-privileged account and the CDA maps (most) users to IP addresses.
    I would like to use the CDA solely for building up firewall policies based on AD details whenever possible
    as maintaining granular firewall policies on 8 different ASA's is too time consuming as we are not a large IT organization.
    But, after deploying the first "AD Group" based rule, it turned out, that the AD user-account mapped to the IP address of my PC was actually a domain user, running the local anti-virus engine, and not my own.
    It makes total sense that the anti-virus user is logged on to the PC before any user, so it can do "its thing",
    but my own user-account is never mapped. 
    CDA was able to map certain users to an IP address, even though the anti-virus user is actually logged on to the PC before them.
    Has anyone deployed Identity Based Firewalling and experienced something which resembles this scenario and were you able to do any workarounds?
    I looked into filtering out the logon events (for the Sophos user-account) from the Windows Security logs,
    so the CDA will not be able to map these, but it seems a bit far fetched, and would probably violate a security policy or two :)
    Cheers, Søren Elleby Sørensen
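
An added sketch (not Cisco's code and not part of any post here) of the IP-to-user mapping described in the WSA reply above and of the service-account problem raised in this post. It assumes the most recent logon event for an IP wins; the event tuples, account names, and the `excluded` and `ttl` parameters are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample logon events: (timestamp, account, source IP).
# These are illustrative tuples, not real CDA or Windows Security log output.
EVENTS = [
    ("2014-07-01T07:58:10", "CORP\\alice", "10.1.0.50"),
    ("2014-07-01T07:58:40", "CORP\\svc-antivirus", "10.1.0.50"),
    ("2014-07-01T08:03:00", "CORP\\bob", "10.1.0.51"),
    ("2014-07-01T08:05:00", "corp\\SVC-AntiVirus", "10.1.0.51"),
    ("2014-07-01T08:06:00", "CORP\\svc-antivirus", "10.1.0.52"),
]


def build_mappings(events, excluded=(), ttl=timedelta(hours=24), now=None):
    """Return {ip: account}, keeping the most recent eligible logon per IP.

    excluded: accounts (e.g. service accounts) that must never become the
              identity of an IP; compared case-insensitively.
    ttl/now:  when `now` is given, events older than `ttl` are ignored so a
              stale mapping cannot authorise whoever holds the IP later.
    """
    excluded = {account.lower() for account in excluded}
    latest = {}
    for ts, account, ip in events:
        when = datetime.fromisoformat(ts)
        if account.lower() in excluded:
            continue  # a service logon must not overwrite the real user
        if now is not None and now - when > ttl:
            continue  # mapping has aged out
        if ip not in latest or when >= latest[ip][0]:
            latest[ip] = (when, account)
    return {ip: account for ip, (_, account) in latest.items()}


def lookup(mappings, ip):
    """What a consumer (proxy or firewall) asks: who is logged on at this IP?"""
    return mappings.get(ip)


if __name__ == "__main__":
    naive = build_mappings(EVENTS)
    filtered = build_mappings(EVENTS, excluded=["CORP\\svc-antivirus"])
    for ip in ("10.1.0.50", "10.1.0.51", "10.1.0.52"):
        print(ip, "naive:", lookup(naive, ip), "| filtered:", lookup(filtered, ip))
```

An IP with only service-account logons ends up with no mapping at all, so the consuming device has to fall back to another authentication method or a default policy for it.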

  • Cisco Context Directory Agent - Windows logs - Forwarded events

    Hello,
    I have a setup testing with Cisco ASA, Cisco CDA and MS 2012 R2. All this works fine. Only problem I encountered is that I want to read the forwarded events on the AD LDS server instead of the security events.
    So in small words is it possible to connect CDA agent with wmi to forwarded events instead of security logs?
    Is this possible?
    Thanks,
    Mark Post

    Hi,
    I applied the solutions mentioned above, but now I get the below error. Domain still shows as down.
    wmi-property
    exception-stack
    org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:158)
    org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
    org.jinterop.dcom.core.JISession.releaseRef(JISession.java:805)
    org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:777)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:40)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:83)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:599)
    dc-hostname
    dc-name
    exception-cause
    java.net.ConnectException:       Connection timed out
    wmi-class
    Win32_NTDomain
    exception-message
    An internal   error     occurred. [0x8001FFFF]
    wmi-property
    DomainName
    dc-username
    Any Idea on the error?
    Thanks.

  • One Microsoft Server 2003 R2 (small business server) doesn't connect to Context Directory Agent

    I have 2 DC's and I'm trying to get the cda to connect to both dc's.  Both are 2003 R2 but the one I'm having trouble with is Small Business Server.  I've double checked security settings and firewalls, but I'm still receiving the error on one server only. 
    All help is appreciated.
    The error I'm getting is:
    Log attributes
    wmi-property
    exception-stack
    org.jinterop.dcom.core.JIComServer.init(JIComServer.java:576)
    org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)
    org.jinterop.dcom.core.JIComServer.<init>(JIComServer.java:445)
    com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:42)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:81)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:169)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:201)
    com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:605)
    dc-hostname
    email.houstonarmature.local/192.168.1.1
    dc-name
    Email
    exception-cause
    java.io.IOException: Socket Closed
    wmi-class
    Win32_NTDomain
    exception-message
    An internal error occurred. [0x8001FFFF]
    wmi-property
    DomainName
    dc-username
    hawadmin

    Hi Toby,
    Just an addition. Did you use an administrator account to logon the RWA and then connect to the remote computer?
    Did you encounter the same issue?
    Meanwhile, please refer to following threads and check if they can help you.
    RD Gateway - Unable to connect via IP (Netbios, FQDN work fine)
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Context Directory Agent VM Requirements

    The CDA installation guide has a few undocumented issues around the vmware requirements. I have run into issues that are documented on the forums such as the scsi controller and the nic settings.
    Here is a thread of the lsi controller that must be selected for the CDA installation to run -
    https://supportforums.cisco.com/thread/2235247
    Also the nic adapter is not detected if I choose to use anything other than flexible. Is this a bug in CDA?
    Thanks,
    Tarik Admani
    *Please rate helpful posts*       

    Ken,
    Thanks for your help. My customer has other nics that they build their virtual machines and it was a little challenging in understanding if the flexible adapter must be selected since the documentation only covers the OS used for the install.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • SLP Directory Agent (port 427) - internal network goes down

    Due to some VPN problems with corporate headquarters, I had to switch out my current firewall (Instagate EX2) with a new SonicWall. Whenever we tried to switchover to the new SonicWall, my entire internal network went down. I was not able to login to the different Xserves for their appropriate services. Examples included the email server, FTP server, and a special application server we use for news editing. All Xserves run OS X Server 10.4. Our clients range from PowerMacs to Mac Minis and Mac Pros - all running OSX 10.4 with a few running 10.3. Symptoms of problems include when trying to connect to the email server, it just sits saying "Connecting to 10.1.2.x...", same thing for the FTP services. The newsroom software, that usually takes a 1 - 2 seconds to log into, then takes 45 seconds or so. Several techs looked at the problem without any suggestions about what to do to fix it.
    We have a Juniper Netscreen router provided by our ISP that connects to the Instagate firewall and to the network itself. Upon looking at the logs, it was discovered that the OS X stations IPs were using a port 427 - which is used by SLP. One of the techs said that is what is taking our network down when we disconnect the Instagate router from the network (because it evidently is passing this SLP traffic onto the Netscreen router). So when the Netscreen router comes off the network, none of the services on the Xserves work because of this. They said I needed to disable the port 427 on the Netscreen, but if I do this, isn't this having the same effect as taking the network down. Then it was told to me to setup a Directory Agent to handle this traffic. But they didn't provide any instructions to me on how to setup this up on the network or on OS X Server.
    Does anyone have any guidance or suggestions regarding this?
    Thanks,
    G

    I had the ISP's tech in today with proper network analysis software to see what's going on.
    We discovered that it is not SLP that is causing problems as one tech had suggested. Anytime that the internet access was disconnected from the network, the access to services on the OS X Servers go down or are extremely slow. So we began to look at the DNS entries and realized if we removed DNS then the servers refused access, if DNS entries were made (using OpenDNS), then the servers work.
    For example, we use the mail server component of OS X Server 10.4 for our email services. We cannot access the internal server (via IP) without the XServe having an entry in DNS. Put in OpenDNS servers, and things work like they should. The same scenario applies to any services (FTP, NewsEdit, etc.) that's on the OS X Servers. I guess what I'm not understanding is why does everything work internally as long as the OS X Servers have something listed for DNS - even though the DNS is an external DNS IP? Because it is external outside of the network, it's not like the mail server or clients are resolving the private IPs (which there's nothing to resolve since use IP numbers for connection purposes).

  • How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA)?

    Hi,
    How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA) in C++?
    Thanks in advance.

    Hi,
    How about your issue now? Is it fixed?
    I think you will get professional support from other network related forum. Because VC++ forum aims to discuss and ask questions about the Visual C++ IDE, libraries, samples, tools, setup, and Windows programming using MFC and ATL.
    Hope you can understand.
    May

  • Do I need license to patch agent through grid control deployment wizard

    In grid control, we have license to use database diagnostics pack and database tuning pack.
    I know without license for provision pack, I cannot patch database homes using grid control deployment tab. But I'm wondering if I can patch grid control agent through deployment page without license for the provision pack.
    thanks

    There is no management pack license needed for patching the agent. You can get clear details what link needs what packs when you click on '+' symbol (Show Management Pack Information) right to the "About Oracle Enterprise Manager" at the extreme down on OEM screen.
    When you click on "Show Management Pack Information", it will show what pack needed next to every link in parentheses. If there is no pack information mentioned next to link means, there is no license needed for that link.

  • Upgrade - Do I need to uninstall peoplesoft agent plugin before upgrading it?

    Hi Guys,
    I am performing an upgrade of PSEM plugin from 8.51 to 8.52 in Grid Control 11gR1. Do I need to uninstall peoplesoft agent plugin before upgrading it?

    I ended up using the live chat to get the question answered earlier today - but thank you for your response - and you're correct. 
    As for the creative cloud version - no, I opted not to get that.  I hope I don't live to regret it,
    but I'm not in a marketing/design program/etc. I just need photo editing for some end-of-year projects for school that needed better than average photo quality.   
    Thanks for taking the time to respond - much appreciated!

  • SLP received service register/deregister error from directory agent

    What's up with this message?
    We occasionally see it on our NetWare 6.5 SP5 servers (and others):
    SLP received service register/deregister error from directory agent.
    Address BLAH, error 2
    We have two DA's, single IP on each.
    The "other" servers are set to "4" for their discovery type (single NIC,
    but multiple IP's).
    Static scope list.
    Display slpda shows active/active on the "other" servers.
    On the DA's, the loopback shows active, as does the "other" DA (they
    point to each other).

    In article <[email protected]>,
    [email protected] says...
    > On 1/16/2007 m_jonis wrote:
    >
    > > SLP received service register/deregister error from directory agent.
    > > Address BLAH, error 2
    >
    > The SLPDA maintains the list of all services from all servers in the
    > working SLP scope. If a server from within a scope stops the service
    > of, let's say iManager, then this change is sent over to the SLPDA
    > to deregister this service from being announced.
    >
    > The services are listed as URL: when you issue the DISPLAY SLP
    > SERVICES command.
    >
    >
    >
    So this is kinda an "informational" message and not really an error,
    then?
    So we didn't actually do anything wrong (for once)?
