
Cisco CDA and Windows-Firewall

Hi,

I just wanted to migrate from the AD-Agent to the CDA, but I'm running into some problems with the Windows firewall. This is the situation:

- The AD_Agent was running fine (with Windows-Firewall on DC enabled).

- The CDA can connect to my DC when I disable the Windows-Firewall

- The CDA cannot communicate with my DC when I enable the Windows-Firewall. The error is:

org.jinterop.dcom.core.JIComServer.init(JIComServer.java:576)

org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:481)

org.jinterop.dcom.core.JIComServer.(JIComServer.java:414)

com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:39)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.connectToDomainController(EventsThread.java:545)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:613)

exception-text
An internal error occurred. [0x8001FFFF]

server
dc-hostname
10.255.192.159

connection-type
com.cisco.cda.rt.adobserver.adobserver.CurrentEventsThread

- I use the same user-account I used for the AD_Agent. The permissions for the two registry-keys that are stated in the install-guide are set.

- The rule for "Windows Management Instrumentation (WMI)" in Windows-Firewall is activated.

- The DC is running a German Windows 2008 R2. In the CDA documentation I didn't find any hint that a localized Windows is unsupported, so I hope that this is not the problem.

Any hints what I could be missing?

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni       


eshabat
Level 1

Hi Karsten,

Localized versions are supported, so that is probably not the issue here.

You can create a custom rule in the Windows firewall to allow UDP and TCP traffic from the CDA and see if it solves your problem.

Thanks,

Erez

Hello Karsten, Erez,

I have noticed the same issue and error message. The only quick-fix was a FW-Policy allowing CDA-TCP connectivity to Windows-AD.

This is somehow strange, as I followed the latest CDA-Patch documents and did insert the WMI-Firewall-Access policy already, but this was not enough though.

To me it looks like some RPC/DCOM mapping is not opened for CDA to access the AD-Server.

regards

/michael

Hello Michael,

I also have noticed the same issue.

Your solution of creating a FW rule to open all TCP ports between CDA and Windows-AD works fine.

But is there no other, more secure solution?

Thanks for your response

Best regards

Sam
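
One way to check the RPC/DCOM suspicion raised above before opening every TCP port, as an added example that is not part of the thread: with dropped-packet logging enabled in Windows Firewall on the DC, summarise which destination ports the CDA was refused on. The log lines and the CDA address 10.255.192.10 are constructed; the layout assumed is the standard pfirewall.log format.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log format (pfirewall.log).
# 10.255.192.159 is the DC from the thread; 10.255.192.10 is an assumed CDA address.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-03-04 09:15:01 ALLOW TCP 10.255.192.10 10.255.192.159 40112 135 0 - 0 0 0 - - - RECEIVE
2013-03-04 09:15:01 DROP TCP 10.255.192.10 10.255.192.159 40113 49155 60 S 2871623 0 14600 - - - RECEIVE
2013-03-04 09:15:04 DROP TCP 10.255.192.10 10.255.192.159 40113 49155 60 S 2871623 0 14600 - - - RECEIVE
2013-03-04 09:15:09 DROP UDP 10.255.192.77 10.255.192.255 137 137 78 - - - - - - - RECEIVE
"""

DYNAMIC_RPC = range(49152, 65536)  # default dynamic port range since Windows Server 2008

def classify(port):
    """Label a destination port by its role in an RPC/DCOM connection."""
    if port == 135:
        return "RPC endpoint mapper"
    if port in DYNAMIC_RPC:
        return "dynamic RPC/DCOM range"
    return "other"

def dropped_ports(log_text, src_ip):
    """Count dropped inbound packets from src_ip per (protocol, dst-port)."""
    fields, drops = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names come from the log header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("action") == "DROP" and rec.get("src-ip") == src_ip
                and rec.get("path") == "RECEIVE" and rec.get("dst-port", "").isdigit()):
            drops[(rec["protocol"], int(rec["dst-port"]))] += 1
    return drops

def report(log_text, src_ip):
    """Sorted list of (protocol, port, drop count, classification)."""
    return [(proto, port, n, classify(port))
            for (proto, port), n in sorted(dropped_ports(log_text, src_ip).items())]

if __name__ == "__main__":
    for proto, port, n, kind in report(SAMPLE_LOG, "10.255.192.10"):
        print(f"{proto}/{port}: {n} drops ({kind})")
```

The resulting port list is what a rule limited to the CDA's source address would have to cover, instead of all TCP ports.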
