Guest

Preview Tool

Cisco Bug: CSCul91404 - CX fails to learn User-IP mappings from CDA/AD Agent

Last Modified

Nov 27, 2020

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

9.1(3.0.8) 9.2(1.1.48)

Description (partial)

Symptom:
CX fails to learn user-ip mappings from CDA or AD Agent. CDA or AD Agent will show the CX continuously changing from in-sync to out-of-sync.

adi.log in CX will show messages like this:

2013-12-06 14:05:37,463 DEBUG vdi.daemon           - adagent: successfully registered
2013-12-06 14:05:37,463 INFO  vdi.daemon           - Registered Active Directory PIP++ client.
2013-12-06 14:05:37,467 ERROR vdi.daemon           - adagent: failed to send keep-alive.

Conditions:
While CX is configured with an AD Agent or CDA:

Some event in the system causes ADI to restart Likewise
After the restart, at any point in the future (immediately or days), a network condition causes ADI to restart the communication with CDA.  This can be caused by changing configuration or ADI and CDA fall out of sync.

Once these events occur in that order, the bug is triggered - ADI cannot reestablish communication with CDA.  The first event causes likewise to gain control of the network sockets use to talk to CDA.  The second event causes ADI to relinquish control and try to reestablish the communication. However, when trying to reestablish communication, likewise already has the connection open and ADI cannot set up the new connection.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.