Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco CSC SSM Active directory integration issue

Hi All,

I had configured AD integration on my CSC module without problem. The agent is installed directly on AD server (Windows 2003 R2 64 Bit)

From User Identification Settings page seems to be all ok.

ad_integration.png

After this, I had configured a policy for account administrator that block all web traffic. If I try to open a web page from server, the policy work correctly, if I try to open a web page on another client (after logged in as administrator) the policy not work and I can access to all the internet page.

I try to debug the problem and I found this:

when browse internet page from AD server seems to be no problem:

2010-10-25T13:01:16+-200 <4820-3368> Detected user (L********\Administrator) logon from (192.168.0.11)

2010-10-25T12:46:02+-200 <4820-6584> Query Id for (192.168.0.11) and found user (L********\Administrator) in group (L*******\Administrators) for TTL (540)

when browse internet page from a client:

2010-10-25T12:40:37+-200 <4820-5780> Detected user (L*********\Administrator) logon from (192.168.0.133)

2010-10-25T12:44:05+-200 <4820-6848> Query Id for (192.168.0.133) but not found

Could anyone help me?

Regards

Danilo

4 REPLIES
Cisco Employee

Re: Cisco CSC SSM Active directory integration issue

What CSC version are you running?

What computers have the issue? Are the users Widnows 7, Vista, XP?

PK

New Member

Re: Cisco CSC SSM Active directory integration issue

The CSC version is the latest release (6.3.1172.3)

The computer client are XP.

Cisco Employee

Re: Cisco CSC SSM Active directory integration issue

OK, we haven't seen similar issues with XP and 6.3.1172.3.

Please check the following:

1.  The machine should be part of the windows domain

2.  File Sharing should be enabled on the client machine

3.  "Remote Registry" Service should be enabled (by default it is not enabled in Vista)

4.  On the windows firewall, select "Windows Management Instrumentation (WMI)" as an exception program to allow in bound WMI calls. Also, make sure the "File and Printer Sharing" is part of the exception list.

    Port 445 enabled

If the issue persists open a case with TAC.

I hope it helps.

PK

New Member

Re: Cisco CSC SSM Active directory integration issue

1) The machine is part of windows domain;

2) What do you mean with "file sharing"?

3) In the client machine?

4) The windows firewall is disabled.

Abount point 2 and 3, there is nothing of similar on CSC Administration guide.

Regards.

361
Views
0
Helpful
4
Replies
CreatePlease login to create content