cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1947
Views
0
Helpful
3
Replies

WMI load on DC

pangadi
Cisco Employee
Cisco Employee

Hello Experts,

I have a customer who is running ISE PIC node that publishes user log on events to stealthwatch. This is purely for monitoring purposes.Customer is using WMI provider to get the log on events. The customer has the following concerns :

1. Currently, customer is complaining that his domain controllers are overloaded. They also have a FW that is currently subscribed to the WMI service on their DC. The customer would like to know what are the processes/persistent queries that are running on the DC, when we configure WMI with ISE PIC. This will help him isolate if the issue is with ISEPIC or the FW thats causing the load.

2. Since both ISE PIC and the FW are using the same WMI service on the DC. Would using the agent help manage the load better ?


Thanks

Priyanka

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

ISE-PIC is using the same code as ISE.

Correct, we tried PIC agent earlier but not helping. PIC agent has helped in another case where prone to timeouts on direct WMI connections.

View solution in original post

3 Replies 3

hslai
Cisco Employee
Cisco Employee

Potentially due to CSCvh86466. Please check.

pangadi
Cisco Employee
Cisco Employee

Thanks for the BUG id Hsing.

1. Does this BUG hold good for ISE-PIC node ? The only case attached to the BUG seems to be a regular ISE node running the passive ID probe. Also, any ideas on how to troubleshoot if the issue is specific to ISE-PIC or the FW exhausting the resources ?

2. I am assuming using the agent will not be a viable solution in this case ?

hslai
Cisco Employee
Cisco Employee

ISE-PIC is using the same code as ISE.

Correct, we tried PIC agent earlier but not helping. PIC agent has helped in another case where prone to timeouts on direct WMI connections.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: