Cisco Firepower User Agent Database Service Does not Restart after a Stop

Available Languages

Download Options

  • PDF     (2.1 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (2.2 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.3 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 12, 2017
Document ID:210582

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

A Cisco User Agent can monitor the Microsoft Active Directory (AD) server and reports login and logoff activities that are authenticated by an LDAP server. A Firepower Management Center (FMC) integrates these activities with the security events it collects from a Firepower managed device. This document provides a solution to an issue when the User Agent does not start after you stop its service.

Symptoms

You can use the solution on this document if you notice the following symptoms with your User Agent service:

  • User Agent interface shows the service as Not Running.
  • The Windows Service Console, services.msc, shows the Cisco User Agent status as blank, and fails to start the service.
  • The windows event log shows an error similar to "The trust relationship between the primary domain and the trusted domain failed"
  • A file UserEncryptionBytes.bin is created at C:\ with zero byte in size.
  • The debug mode of a User Agent client shows the following error messages in the Log tab of the User Agent:
<Timestamp>,"debug","[0102] - An error occured while fetching encryption bytes from 'C:\UserAgentEncryptionBytes.bin':
The trust relationship between the primary domain and the trusted domain failed.."

<Timestamp>,"error","[0102] - An error occured while fetching encryption bytes from 'C:\UserAgentEncryptionBytes.bin':
Specified key is not a valid size for this algorithm.."

<Timestamp>,"error","[0002] - Error connecting to 10.85.3.122: System.UnauthorizedAccessException:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Solution

Step 1: Run the Microsoft Windows Services Console, services.msc. It allows you to disable or enable a Windows service.

Step 2: Right click the Cisco User Agent service and select Stop to stop the service.

Step 3: Navigate to the C: drive.

Step 4: Delete this UserAgentEncryptionBytes.bin file.

Step 5: Delete the CiscoUserAgent file, which is an SQL Server Compact Edition Database File.

Step 6: Go back into services.msc. Right click on the Cisco User Agent service, select Properties, then select Log On tab, and configure a user as an AD user login. Click Apply when done.

Step 7: On the services.msc, click Start for the Cisco Firepower User Agent for Active Directory service.

Step 8: Verify the size of the UserAgentEncryptionBytes.bin file. It should not be 0 KB.

Step 9: Add the Domain Controllers and Firepower Managmenet Center to the User Agent Client. Please be sure to add the Domain Controllers/local host before adding the Firepower Management Center to the User Agent.

References

TAC Authored

Contributed by Cisco Engineers

  • Sonya Helfrich
    Cisco TAC Engineer
  • Nazmul Rajib
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products