Cisco Cisco Web Security Appliance S670
5
Release Notes for Cisco Context Directory Agent, Release 1.0
OL-26298-01
Open Caveats in Cisco Context Directory Agent Release 1.0
CSCtw78043
Symptom
DC status in the Cisco CDA Dashboard might show as down during the
first few minutes after Cisco CDA is connected.
Conditions
When CDA connects to the Active Directory DC, it retrieves login history
from the DC. While history is being retrieved, the DC status might show as down.
This may last for several minutes, depending on history size and system load.
This may last for several minutes, depending on history size and system load.
Workaround
The issue is transient and the DC status is updated as soon as history
retrieval is complete. Click the refresh icon to update the display. Hence, the
workaround provided here is not mandatory.
workaround provided here is not mandatory.
It is possible to avoid this issue by setting the following registry keys on the domain
controller:
controller:
•
HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B
6}\InProcServer32\ThreadingModel
6}\InProcServer32\ThreadingModel
Change the default value “Apartment” to “Free”.
On 64 bit Domain Controllers, the following key should also be similarly changed:
•
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{76A64158-CB41-11D1-8B0
2-00600806D9B6}\InProcServer32\ThreadingModel
2-00600806D9B6}\InProcServer32\ThreadingModel
Restart the WMI service on the DC for the changes to take effect.
CSCtx67710
Symptom
Cisco CDA does not receive identity mappings from an Active Directory
2008R2 DC, even though the DC shows as connected, and the user login events show
up in the DC security audit log.
up in the DC security audit log.
Conditions
This issue might occur under rare conditions. Clearing logs on the DC
multiple times is one way to trigger the issue.
Workaround
Restart the WMI service on the DC to restore normal operation of the
system.
A Hotfix is available from Microsoft to address the root cause of this defect. The
WMI process stops sending events to WMI clients from a Windows 7-based or
Windows Server 2008 R2-based server,
WMI process stops sending events to WMI clients from a Windows 7-based or
Windows Server 2008 R2-based server,
Table 1
Open Caveats in Cisco Context Directory Agent Release 1.0 (continued)
Caveat
Description