Cisco Bug: CSCuw20184 - User agent errors running as Local System account
Oct 04, 2018
- Cisco Firepower Management Center
Known Affected Releases
Symptom: A zero byte UserEncryptionBytes.bin file is created at c:\. Viewing the Windows Event Log shows an error similar to the following: 'The trust relationship between the primary domain and the trusted domain failed'. Conditions: This bug manifests as a flaw in our logic when protecting sensitive files, like the database file and c:\UserEncryptionBytes.bin. The process follows: 1) Create the file. 2) Ask Windows what account runs the user agent service. 3) Restrict access to the file to be the current user and the service running the user agent. 4) Populate the file. This logic worked in our test environments, but in some customer deployments, step 2 fails if the special named account 'Local System' is the one that runs the agent service. Note that this is the default configuration placed by the agent installer. This results in a crashed agent service and a zero byte file created on disk.
Related Community Discussions
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases