05-21-2018 09:00 AM - edited 02-21-2020 10:56 AM
Hello Experts,
I have a customer who is running ISE PIC node that publishes user log on events to stealthwatch. This is purely for monitoring purposes.Customer is using WMI provider to get the log on events. The customer has the following concerns :
1. Currently, customer is complaining that his domain controllers are overloaded. They also have a FW that is currently subscribed to the WMI service on their DC. The customer would like to know what are the processes/persistent queries that are running on the DC, when we configure WMI with ISE PIC. This will help him isolate if the issue is with ISEPIC or the FW thats causing the load.
2. Since both ISE PIC and the FW are using the same WMI service on the DC. Would using the agent help manage the load better ?
Thanks
Priyanka
Solved! Go to Solution.
05-21-2018 11:42 AM
ISE-PIC is using the same code as ISE.
Correct, we tried PIC agent earlier but not helping. PIC agent has helped in another case where prone to timeouts on direct WMI connections.
05-21-2018 09:53 AM
Potentially due to CSCvh86466. Please check.
05-21-2018 11:35 AM
Thanks for the BUG id Hsing.
1. Does this BUG hold good for ISE-PIC node ? The only case attached to the BUG seems to be a regular ISE node running the passive ID probe. Also, any ideas on how to troubleshoot if the issue is specific to ISE-PIC or the FW exhausting the resources ?
2. I am assuming using the agent will not be a viable solution in this case ?
05-21-2018 11:42 AM
ISE-PIC is using the same code as ISE.
Correct, we tried PIC agent earlier but not helping. PIC agent has helped in another case where prone to timeouts on direct WMI connections.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: