Win server 2012R2 is not officially on the supported list for Context Directory Agent (CDA), anyone tested this setup?
I have been following the Installation guide for 2012: http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html but the server stays red in the CDA GUI. No error messages in the log though.
CDA is patch1 and the CDA user is within the Domain Admin group, and the necessary priv changes according to the installation document are in place (registry key ownership etc.); the firewall on the server has been temporarily disabled.
Just wanted to see if there is anyone who got the combination CDA/2012R2 running and/or when there will be an official patch to CDA to add 2012R2 support.
I guess you should ask this query in either the firewall or web security appliance community.
I was looking around, and as per the installation guide, Cisco CDA 1.0 supports the following Active Directory versions:
• Windows Server 2003
• Windows Server 2003 R2
• Windows Server 2008
• Windows Server 2008 R2
I verified I also have the same problem connecting to 2012R2 after upgrading CDA to Patch 1 from a non-patch CDA connecting to a retired 2008R2 box. The Status icon under Active Directory Servers is red.
I verified the netsh commands, DCOM settings, WMI settings were all reconfigured on the new 2012R2 DC without any progress.
Patch 2 was released during February, anyone tested against 2012 R2? Can't find anything specific in the release notes.
Thanks for the notification on the new release. After installing Patch 2 this morning, the connection to my 2012R2 DC did not turn green from the previous red. I tried removing the connection and re-adding without any luck either. Another thing I tried was the NTLMv2 setting even though I have GPO “Network security: LAN Manager authentication level” set to “Send LM & NTLM - use NTLMv2 session security if negotiated.”
I can't get it to work, and you’re right that 2012 R2 isn’t specifically supported with this release based on the release guide missing specific mention of it and the fact that it doesn't show up under the "What's new in Cisco CDA" section as 2012 does for Patch 1. I'm disappointed in the slowness to support this OS. Waiting for the next patch...
Same issue here. I have opened a case with TAC, and they stated that it's in development, but it's known not to work. There is a "work around", but I'm still debating if it is something I want to do. You basically need to configure event log forwarding for event ID 4768 (Kerberos authentication) to another DC that is running one of the supported versions of Windows Server. I'm going to test it if I can find better documentation on the web somewhere.
Also opened case with TAC, had asked for ETA for fix or some documentation for the log forwarding work-around. TAC couldn't provide either.
Keith, did you have any luck with the log forwarding work-around?