Cisco Bug: CSCuw20184 - User agent errors running as Local System account

Last Modified

Oct 04, 2018

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

2.3.0

Description (partial)

Symptom:
A zero-byte UserEncryptionBytes.bin file is created at c:\. The Windows Event Log shows an error similar to the following: 'The trust relationship between the primary domain and the trusted domain failed'.

Conditions:
This bug manifests as a flaw in our logic when protecting sensitive files, like the database file and c:\UserEncryptionBytes.bin. The process is as follows:

1) Create the file.
2) Ask Windows what account runs the user agent service.
3) Restrict access to the file to the current user and the service running the user agent.
4) Populate the file.

This logic worked in our test environments, but in some customer deployments, step 2 fails if the special named account 'Local System' is the one that runs the agent service. Note that this is the default configuration set by the agent installer. The result is a crashed agent service and a zero-byte file left on disk.
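
One way to order the four steps so that a failure while resolving the account cannot leave an empty file behind, as an added PowerShell example (not Cisco's code or fix). It assumes the service runs as Local System and refers to that account by its well-known SID S-1-5-18 instead of by name; the function name, path and payload are hypothetical.

```powershell
# Added example; Write-ProtectedFile and its parameters are hypothetical names.
function Write-ProtectedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,     # full path of the final file
        [Parameter(Mandatory)] [byte[]] $Payload   # bytes to protect
    )
    $ErrorActionPreference = 'Stop'

    # Resolve the principals BEFORE touching the disk, so a failure here
    # cannot leave a partially created file behind.
    # Assumption: the service runs as Local System, referenced by its
    # well-known SID (S-1-5-18) rather than by a name that needs translating.
    $system  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
    $current = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

    # Protected DACL: inheritance disabled, only the two principals allowed.
    $rights = [System.Security.AccessControl.FileSystemRights]::FullControl
    $allow  = [System.Security.AccessControl.AccessControlType]::Allow
    $acl = New-Object System.Security.AccessControl.FileSecurity
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($sid in @($system, $current)) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $sid, $rights, $allow
        $acl.AddAccessRule($rule)
    }

    $tmp = "$Path.tmp"
    try {
        [System.IO.File]::WriteAllBytes($tmp, (New-Object byte[] 0))  # create empty
        Set-Acl -LiteralPath $tmp -AclObject $acl                     # restrict
        [System.IO.File]::WriteAllBytes($tmp, $Payload)               # populate
        Move-Item -LiteralPath $tmp -Destination $Path -Force         # publish
    }
    catch {
        # Any failure removes the temp file; the final path is never left empty.
        Remove-Item -LiteralPath $tmp -Force -ErrorAction SilentlyContinue
        throw
    }
}

# Constructed sample call (path and bytes are placeholders):
$bytes = [System.Text.Encoding]::UTF8.GetBytes('constructed sample payload')
Write-ProtectedFile -Path (Join-Path $env:TEMP 'example-protected.bin') -Payload $bytes
```

The secret bytes are written only after the restrictive ACL is in place, and the final file name appears only once the content is complete.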

Related Community Discussions

Sourcefire User Agent Authentication error
Hi All, I am facing a major issue with the Sourcefire User Agent. We want to integrate AD with Sourcefire. We added an LDAP connection in Sourcefire, and that was added successfully. We tried to install the User Agent on AD, but there was a requirement for .NET Framework and SQL; we installed them and ran the User Agent. Now the User Agent is installed, but when we try to connect with AD and fill in all parameters (Server IP, Domain, User name, Password), there is a continuous error showing there was an error connecting to the server, please ...
Latest activity: Feb 08, 2016