Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About vmadriga
Community Record
3
Posts
0
Kudos
0
Solutions
Badges
Apr 22 2021
3:35 PM
Hi All, I am trying to integrate Systems Manager with Active Directory via SM agent installed on a windows server machine however it is failing without any additional information. Both the Active Directory and the Windows machine with the SM installed have IP connectivity (I did a packet capture and I only see 3 packets being exchanged between the 2 machines a Syn packet from the machine with the SM agent -> a Syn Ack packet from the Active Directory -> a Reset packet from the machine with the SM agent. I also see the following logs in the "m_agent_service.log" file: 2021-04-21 12:56:45.473186 [5624]: Connecting to LDAP host 172.11.30.1:389 2021-04-21 12:56:52.681089 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 12:57:23.16639 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 12:57:26.58535 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 12:57:53.342521 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 12:57:56.223684 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 12:58:17.160678 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 12:58:17.160678 [5624]: Connecting to LDAP host 172.11.30.1:389 2021-04-21 12:58:23.664916 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 12:58:54.6946 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 12:58:57.614086 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 12:59:24.310182 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 12:59:27.825735 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 12:59:54.635399 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 12:59:57.990979 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 13:00:24.908289 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 13:00:28.268759 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 13:00:55.218037 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 13:00:58.438841 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 13:01:25.517997 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 13:01:28.627855 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 13:01:30.877858 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 13:01:30.877858 [5624]: Connecting to LDAP host 172.11.30.1:3268 2021-04-21 13:01:55.835303 [8672]: ConnState::sample_win_common(): NOT ASSOCIATED, not getting net states 2021-04-21 13:02:11.465363 [5624]: TunClient::handle_request [pcc105.meraki.com]: request 2021-04-21 13:02:20.37348 [5624]: TunClient::handle_request [pcc105.meraki.com]: request but it is not clear to me why the SM agent is sending the Reset packet and terminating the connection. Does the domain account used for this integration requires special permissions? Any comments are really appreciated.
... View more
Labels:
- Labels:
-
Other
Apr 22 2021
3:11 PM
Thanks Paul, I did some testing and created a new SCEP certificate specifying the username as the CN: and then I specify this new SCEP into the Wifi Configuration: When I enroll the device now I have one certificate installed with the CN field populated with the username specified on the Owners list, however on the Wifi profile installed on the device there is no user certificate configured on the profile. If I select the default SCEP under Wifi settings and select "Use username as certificate CN" : I do get a user certificate on the Wifi Profile on the mobile device however this user certificate does not include the username in the CN field, it contains a random number instead. Is there a document that explains how SCEP policies are applied to Wifi settings and how to specify that the CN field contains the username for the default SCEP? Any comments are really appreciated.
... View more
Apr 20 2021
12:06 PM
Hi all, I am configuring the authentication settings on a WiFi profile to push it to mobile devices and I want to use certificate based authentication. I need that the identity certificate distributed to the mobile device includes the username as the CN. Is it a requirement for this to work to integrate the Active Directory into the Systems Manager? Right now I am using local users defined on the "Owners" page and the certificates pushed to the mobile devices does not have the username as the CN in the identity certificate, I am assuming that the username defined in the "Owners" page will be used as the CN but I am not sure if this is correct. Any comments are really appreciated.
... View more
Labels:
- Labels:
-
Other
© 2024 Cisco Systems, Inc.
