Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hello.

I'm trying to connect Cisco CDA with  Windows 2008 R2 Domain Controller but I get this error:

Log attributes

wmi-property
exception-stack
org.jinterop.winreg.smb.JIWinRegStub.winreg_CreateKey(JIWinRegStub.java:310)

org.jinterop.dcom.core.JIComServer.initialise(JIComServer.java:510)

org.jinterop.dcom.core.JIComServer.(JIComServer.java:414)

com.cisco.cda.rt.adobserver.adobserver.jinteropUtil.getWmiLocator(jinteropUtil.java:39)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.QueryWMIProperty(EventsThread.java:83)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.getNetBIOS(EventsThread.java:171)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.extractDCData(EventsThread.java:203)

com.cisco.cda.rt.adobserver.adobserver.EventsThread.run(EventsThread.java:599)

dc-hostname HOSTANEM/192.168.X.X

dc-name HOSTNAME

exception-causeorg.jinterop.dcom.common.JIRuntimeException: Access is denied, please  check whether the [domain-username-password] are correct. Also, if not  already done please check the GETTING STARTED and FAQ sections in  readme.htm. They provide information on how to correctly configure the  Windows machine for DCOM access, so as to avoid such exceptions.   [0x00000005]

wmi-classWin32_NTDomain

exception-messageAccess is denied, please  check whether the [domain-username-password] are correct. Also, if not  already done please check the GETTING STARTED and FAQ sections in  readme.htm. They provide information on how to correctly configure the  Windows machine for DCOM access, so as to avoid such exceptions.   [0x00000005]

wmi-property DomainName

dc-username administrator


25 REPLIES
Community Member

Cisco Context Directory Agent - Error Querying for WMI property

I get the same error, in AD Agent this collect works fine. (same user)

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Yes indeed.

The AD Agent from both DC's works fine to me also... I think because they are made for Microsoft environment.

With CDA it's another problem because I suppose that is a Linux kernel.

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hi guys,

On Windows 2008 R2 only, the Cisco CDA requires the user to have an additional permission on the following registry key:

HKLM\Software\Classes\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}

HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6} (only if this key exists)

This permission is not given to members of the Domain Admins by default, and must be added explicitly.

You can refer to the user guide for more information:

http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_wrkng.html#wp1054050

I hope this helps resolves your issue,

Erez

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hi Shabat,

Sorry for my late answer.

I tried to modify the registry's as you said but I'm getting the error "Unable to save permission changes on

{76A64158-CB41-11D1-8B02-00600806D9B6}. Access is denied."

I forgot to mention that our DC's has Win 2008 R2 x64 SP1.

.

Regarding the privileges, the admin account has full access, but the permissions cannot be changed..

I don't know how to solve it.

Thanks in advance.

Regards,

Simon

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hi Simon,

You will need a Domain Admin account to add the permisson.

If you are indeed using a Domain Admin account, and still get the "Access is denied" message, you will need to take ownership of the registery key(s). You can do this by clicking the Advanced button in the Permissions tab - this will open a new window, in that window go to the "Owner" tab, and change the owner to the Domain Administrators group, or your current administrator account.

After taking ownership, you should be able to change the permissions successfully (without getting an "Access is denied" message).

Please let me know how it goes.

Thanks,

Erez

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hy Erez,

Thanks for reply.

So...

     1. My user it's the  domain admin

     2. The ownership of the registry is already my domain admin.

     But still not working.

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hi Simon,

Can you please double check the owner of the following key(s) explicitly? (i.e right click the key, click permissions and then advanced)

HKLM\Software\Classes\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}

HKLM\Software\Classes\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6} (only if this key exists)

By default the owner is "TrustedInstaller", and should be changed to Domain Admins.

If you are still getting an "Access is denied" message, please feel free to contact me and I'll guide you through it.

Thanks,

Erez

“sudo yum install openmotif22-2.2.3-18.i386”

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hi Erez,

Finally works. Thank a lot.

But... I still have a question.

In this moment our DC's provides info's regarding the identity users to the main Cisco ASA and Irnport WSA S170 through Cisco AD Agent.

What I must do in order that ASA and WSA will comunicate with Cisco CDA instead of Cisco AD Agent to receive the updates?

Thanks again.

Regards,

Simon.

Community Member

Cisco Context Directory Agent - Error Querying for WMI property

Hi Erez,

I solved the problem also with connection between AD to ASA and WSA.

Thanks a again for help.

Regards,

Simon

Community Member

Re: Cisco Context Directory Agent - Error Querying for WMI prope

I have questions about the additional permissions you mentioned before. Our cda user is defined as domain admin and we changed the owner of the keys from TrustedInstaller to "Domain Admins".

What additional permissions are needed to get it working. We still have the problem that we get the "Access is denied". The same user used with the AD Agent works fine.

Thanks for helping in adv.

Walter

Sent from Cisco Technical Support iPad App

Community Member

Re: Cisco Context Directory Agent - Error Querying for WMI prope

Hy Walter,

All what I've done was to make stept by step what Erez told me to do. And it's working fine.

Only one thing... I'm didn't create a CDA Admin inserted on Domains Admins I'm using only the Domain administrator to let CDA connect to DC's.

Did you made also what Erez told me about in the message on Jun 14, 2012 1:21 PM                             (in response to Simon Ludovic)?

*** By default the owner is "TrustedInstaller", and should be changed to Domain Admins. *** cf. Erez... both registry must be changed.

Thanks.

Community Member

Re: Cisco Context Directory Agent - Error Querying for WMI prope

Hi Simon,

We did change both registry entries.

The problem we have, that we don't know what additional permissions are needed. Can you provide an example or even better a printscreen of your permission settings? Thanks!

Walter

Sent from Cisco Technical Support iPad App

Community Member

Re: Cisco Context Directory Agent - Error Querying for WMI prope

Hy Walter,

Give me some minutes and I will provide some printscreens.

Thanks.

Community Member

Re: Cisco Context Directory Agent - Error Querying for WMI prope

So...

Please find attached a print screen from one DC and one registry (as example).

This settings I made on both DC's and on bot registry which Erez specified.

I would like to say that my DC's has Windows 2008 R2 SP1 x64.

Hope that this image helps you.

13296
Views
9
Helpful
25
Replies
CreatePlease to create content