Cisco Bug: CSCul91404 - CX fails to learn User-IP mappings from CDA/AD Agent
Feb 28, 2018
- Cisco ASA Next-Generation Firewall Services
Known Affected Releases
Symptom: CX fails to learn user-ip mappings from CDA or AD Agent. CDA or AD Agent will show the CX continuously changing from in-sync to out-of-sync. adi.log in CX will show messages like this: 2013-12-06 14:05:37,463 DEBUG vdi.daemon - adagent: successfully registered 2013-12-06 14:05:37,463 INFO vdi.daemon - Registered Active Directory PIP++ client. 2013-12-06 14:05:37,467 ERROR vdi.daemon - adagent: failed to send keep-alive. Conditions: While CX is configured with an AD Agent or CDA: Some event in the system causes ADI to restart Likewise After the restart, at any point in the future (immediately or days), a network condition causes ADI to restart the communication with CDA. This can be caused by changing configuration or ADI and CDA fall out of sync. Once these events occur in that order, the bug is triggered - ADI cannot reestablish communication with CDA. The first event causes likewise to gain control of the network sockets use to talk to CDA. The second event causes ADI to relinquish control and try to reestablish the communication. However, when trying to reestablish communication, likewise already has the connection open and ADI cannot set up the new connection.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases