Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Context Directory Agent server 2012R2

Hi,

Win server 2012R2 is not offically on the supported list for Contex Directory Agent ( CDA  ) , anyone tested this setup ?

I have been following the Installation guide for 2012 : http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html but I the server stays red in the CDA gui. No error messages in the log though. 

CDA is patch1 and CDA user is within the Domain Admin group and necessary priv changes according to the installation document is in place ( registry key ownership etc,) , firewall on the server has been temporarily disabled.

Just wanted to see if there is anyone who got the combination CDA/2012R2 running and/or when there will be an official patch to CDA to add 2012R2 support.

  • AAA Identity and NAC
Everyone's tags (5)
26 REPLIES
Cisco Employee

Re: Context Directory Agent server 2012R2

I guess, you should ask this query either in firewall or web security appliance community

I was looking around and as per installation guide. The Cisco CDA 1.0 supports the following Active Directory versions:

• Windows Server 2003

• Windows Server 2003 R2

• Windows Server 2008

• Windows Server 2008 R2

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Context Directory Agent server 2012R2

CDA 1.0 patch 1 adds support for server 2012 (  2012R2 is not supported officially it seems like ).

New Member

Context Directory Agent server 2012R2

Maybe someone knows ETA or any news regarding CDA in combination with 2012 R2 domain controllers?

New Member

Context Directory Agent server 2012R2

I verified I also have the same problem connecting to 2012R2 after upgrading CDA to Patch 1 from a non-patch CDA connecting to a retired 2008R2 box.  The Status icon under Active Directory Servers is red.

I verified the netsh commands, DCOM settings, WMI settings were all reconfigured on the new 2012R2 DC without any progress.

New Member

Context Directory Agent server 2012R2

Patch 2 was released during February , anyone tested against 2012 R2 ? Can't find anything specific in the release notes..

New Member

Context Directory Agent server 2012R2

Thanks for the notification on the new release. After installing Patch 2 this morning, the connection to my 2012R2 DC did not turn green from the previous red. I tried removing the connection and re-adding without any luck either. Another thing I tried was the NTLMv2 setting even though I have GPO “Network security: LAN Manager authentication level” set to “Send LM & NTLM - use NTLMv2 session security if negotiated.”

I can't get it to work, and you’re right that 2012 R2 isn’t specifically supported with this release based on the release guide missing specific mention of it and the fact that it doesn't show up under the "What's new in Cisco CDA" section as 2012 does for Patch 1.  I'm disapointed in the slowess to support this OS.  Waiting for the next patch...

New Member

Context Directory Agent server 2012R2

I agree Jeremy. I am also very surprised to see that there is no support for CDA to work with Server 2012 R2.

New Member

Same issue here.. I have

Same issue here.. I have opened a case with TAC, and they stated that it's in development, but it's known not to work. There is a "work around", but I'm still debating if it something I want to do. You basically need to configure event log forwarding for event ID 4768 (Kerberos authentication), to another DC that is running one of the supported versions of Windows server. I'm going to test it if I can find better documentation on the web somewhere.

New Member

Also opened case with TAC,

Also opened case with TAC, had asked for ETA for fix or some documentation for the log forwarding work-around.  TAC couldn't provide either.

Keith, did you have any luck with the log forwarding work-around?

 

 

3859
Views
10
Helpful
26
Replies