THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 | 06-Jun-17 | Initial Release |
10.0 | 13-Dec-17 | Migration to new field notice system |

Affected OS Type | Affected Release | Affected Release Number | Comments |
---|---|---|---|
NON-IOS | 6.1 | 6.1.0,6.1.0.1 | |
NON-IOS | 6.0 | 6.0.1 | |
NON-IOS | 6.2 | 6.2.0 | |

Defect ID | Headline |
---|---|
CSCvb06707 | Excessive error messages from ADI for no DN for user, LQ_DN_UNAVAILABLE |
Misconfiguration of the realm object might cause excessive error messages that result in syslog files being overwritten in the Firepower sensor.
Certain platform misconfigurations might cause excessive error messages that result in syslog files being overwritten in the Firepower sensor. These error messages are most commonly seen when a misconfiguration in the realm object results in a login event for a user that cannot be found in Active Directory based on the "Base DN" field. The issue might also occur when an incorrect username or password is used to download the users and groups.
No user-facing symptoms are caused by this defect. However, it causes potentially valuable information in the Firepower sensor syslog files to be overwritten by the large number of error messages.
The excessive messages in syslog files, usually located in /var/log/messages, might be similar to these:
SF-IMS[30088]: [12222] ADI:adi.LdapRealm [WARN] no DN found for user 'myuser'
SF-IMS[30088]: [12678] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
These messages might be seen once per minute, dependent upon the number of users and the specific device configuration.
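To gauge how much of a syslog file these messages occupy, and which user names are failing the DN lookup, the following added example (not Cisco code, and not part of the original notice) summarises the two message types shown above. It assumes a POSIX shell with `awk`, `sort` and `mktemp`; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco code: measure the ADI message flood from this notice.

# Constructed sample in /var/log/messages style (timestamps, host name and the
# non-ADI lines are made up; the ADI message text follows the notice).
sample_log() {
cat <<'EOF'
Jun  6 10:00:01 sensor SF-IMS[30088]: [12222] ADI:adi.LdapRealm [WARN] no DN found for user 'myuser'
Jun  6 10:00:01 sensor SF-IMS[30088]: [12678] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
Jun  6 10:00:40 sensor sshd[2211]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jun  6 10:01:01 sensor SF-IMS[30088]: [12222] ADI:adi.LdapRealm [WARN] no DN found for user 'myuser'
Jun  6 10:01:01 sensor SF-IMS[30088]: [12678] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
Jun  6 10:01:30 sensor SF-IMS[30088]: [12222] ADI:adi.LdapRealm [WARN] no DN found for user 'svc-backup'
Jun  6 10:01:30 sensor SF-IMS[30088]: [12678] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
Jun  6 10:01:45 sensor crond[901]: (root) CMD (run-parts /etc/cron.hourly)
Jun  6 10:02:01 sensor SF-IMS[30088]: [12222] ADI:adi.LdapRealm [WARN] no DN found for user 'myuser'
Jun  6 10:02:01 sensor SF-IMS[30088]: [12678] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
EOF
}

# Per-user count of "no DN found" warnings, most frequent first ("<count> <user>").
adi_missing_users() {
    awk -v q="'" '
        /ADI:adi\.LdapRealm \[WARN\] no DN found for user/ {
            split($0, part, q)      # the user name sits between the single quotes
            seen[part[2]]++
        }
        END { for (u in seen) print seen[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}

# Number of failed LDAP queries reported as LQ_DN_UNAVAILABLE.
adi_dn_unavailable_count() {
    awk '/ADI:adi\.ldap_query_handler \[ERROR\].*LQ_DN_UNAVAILABLE/ { n++ }
         END { print n + 0 }' "$1"
}

# Whole-number percentage of log lines taken up by either ADI message.
adi_noise_percent() {
    awk '/ADI:adi\.(LdapRealm \[WARN\] no DN found|ldap_query_handler \[ERROR\].*LQ_DN_UNAVAILABLE)/ { n++ }
         END { print (NR ? int(100 * n / NR) : 0) }' "$1"
}

# Use the file given as $1 (for example /var/log/messages), else the sample.
log="${1:-}"
if [ -z "$log" ]; then log=$(mktemp) && sample_log > "$log"; fi
echo "users with no DN found:"; adi_missing_users "$log"
echo "LQ_DN_UNAVAILABLE errors: $(adi_dn_unavailable_count "$log")"
echo "share of log lines: $(adi_noise_percent "$log")%"
```

The user names it lists are the accounts to check against the realm's "Base DN" setting.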
Correct the realm/LDAP configuration in the advanced settings of the Realm Configuration.
Updated Cisco FirePOWER software that addresses this issue is available from Cisco Software Central for customers with a valid service contract. The recommended upgrade paths are shown in this table.
Impacted Software Version(s) | Fixed Software Version(s) |
---|---|
6.0(1), 6.1(0), 6.1(0)1 | 6.1(0)3 or later |
6.2(0) | 6.2(0)1 or later |
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: