Error: LQ_DN_UNAVAILABLE

lyutov_dv
Level 1

There are a lot of messages in my Syslog in Firepower Management Center:

Dec 17 2015 10:02:15 firepower SF-IMS[9098]: [28745] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE

And most of the users can't be recognized:

Dec 17 2015 10:02:15 firepower SF-IMS[9098]: [28745] ADI:adi.LdapRealm [INFO] no DN found for user '********_***'.

What's the reason for these errors?

8 Replies

Aastha Bhardwaj
Cisco Employee

Hi,

It seems you are on the 6.0 version? Did you face the issue after an upgrade? I guess you are running into a known issue. Can you try to check:

tail -f /var/log/messages

Also: pmtool status |grep -i Down (on the Defense Center).

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Hi,

Yes, I use the 6.0 version, but I installed it recently and have never used previous versions.

The result of pmtool status |grep -i Down:

RUAScheduledDownload - Period 3600 - Next run Fri Dec 18 01:02:30 2015

Is it OK? What should I do to solve this problem?

Hi,

Can you send: tail -f /var/log/messages. There are 2 internal bugs which have been filed for this, so we need to check further.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

The result of tail -f /var/log/messages is in the attachment.

I see the same errors in the Syslog of the FMC (Firepower Management Center).

John Groetzinger
Cisco Employee

If you are seeing these messages, it means that there was a log-in event for a user that can't be found in the corresponding realm via an LDAP query.

Once the device receives a log-on event (either passive authentication from a User Agent or ISE, or active authentication from captive portal), if the user does not exist from the last user download, the system will attempt to pull information for the user from AD. It uses the settings in the realm object(s). When it can't find the user from an LDAP query, it will print this message.

This message can be logged very excessively because the system will check every minute for all users that have a log-in that it doesn't have information for.

The most typical cause of this issue is a misconfiguration in the realm Base DN. If the user isn't found in the Base DN in the realm, then the Base DN likely needs to be adjusted. If the LDAP/AD server can't be reached in general, you may also see these messages.

I have filed a bug for the excessive logging of these error messages, as they flood the logs:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb06707

This bug is ONLY for the excessive logging of the error message. The error message itself is not a bug; it is just a way to tell that there is an issue finding a user, and it's likely related to the realm config.

avanvooren1
Level 1

In my case, I can tell by the names that it's looking for users that are no longer with the company and are not to be found on the DC anymore. How can I tell it to forget about them?

Were you able to get an answer to this question? We have several thousand users that no longer exist, and this causes several of these messages to appear in the syslog. What is the danger in purging the user table? Do we need to add a step to our termination process where we delete the user out of the FireSight database?

No, I have not resolved it. The issue is one of those issues that annoy more than actually cause problems. Please do post anything you try and let me know if it works.
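A small triage helper, added here as an illustration and not code from the thread or from FMC itself: it parses the two message types quoted above from /var/log/messages text, counts the LQ_DN_UNAVAILABLE errors per minute (the once-a-minute retry John describes) and the "no DN found" lookups per user, and then splits the unresolved users into those absent from a directory export (departed accounts, as in the later question) and those still present (which points at the realm Base DN rather than stale users). The sample log lines and the known_users set are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread (not real log data).
SAMPLE_LOG = """\
Dec 17 2015 10:02:15 firepower SF-IMS[9098]: [28745] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
Dec 17 2015 10:02:15 firepower SF-IMS[9098]: [28745] ADI:adi.LdapRealm [INFO] no DN found for user 'jdoe_old'.
Dec 17 2015 10:02:16 firepower SF-IMS[9098]: [28745] ADI:adi.LdapRealm [INFO] no DN found for user 'asmith'.
Dec 17 2015 10:03:15 firepower SF-IMS[9098]: [28745] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
Dec 17 2015 10:03:15 firepower SF-IMS[9098]: [28745] ADI:adi.LdapRealm [INFO] no DN found for user 'jdoe_old'.
Dec 17 2015 10:03:15 firepower SF-IMS[9098]: [28745] ADI:adi.LdapRealm [INFO] no DN found for user 'asmith'.
Dec 17 2015 10:04:15 firepower SF-IMS[9098]: [28745] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE
Dec 17 2015 10:04:15 firepower SF-IMS[9098]: [28745] ADI:adi.LdapRealm [INFO] no DN found for user 'jdoe_old'.
"""

# Timestamp truncated to the minute, so repeats of the minute-by-minute retry line up.
TS_RE = re.compile(r"^(\w{3} \d{1,2} \d{4} \d{2}:\d{2}):\d{2} ")
NO_DN_RE = re.compile(r"ADI:adi\.LdapRealm \[INFO\] no DN found for user '([^']+)'")
LQ_RE = re.compile(r"Remote LDAP Query failed with error: LQ_[A-Z_]+")


def summarize(log_text):
    """Return (LQ errors per minute, 'no DN found' lookups per user)."""
    per_minute = Counter()
    per_user = Counter()
    for line in log_text.splitlines():
        m = TS_RE.match(line)
        minute = m.group(1) if m else "unknown"
        if LQ_RE.search(line):
            per_minute[minute] += 1
        u = NO_DN_RE.search(line)
        if u:
            per_user[u.group(1)] += 1
    return per_minute, per_user


def triage(log_text, known_users):
    """Split unresolved users by whether they exist in a directory export.

    known_users: set of sAMAccountNames exported from AD (constructed here).
    'stale' users no longer exist in AD (departed staff); 'present' users do
    exist, so the realm Base DN most likely does not cover their OU.
    """
    _, per_user = summarize(log_text)
    stale = sorted(u for u in per_user if u not in known_users)
    present = sorted(u for u in per_user if u in known_users)
    return stale, present
```

Run it against a real /var/log/messages extract by reading the file into log_text instead of SAMPLE_LOG; a large "present" list argues for fixing the Base DN first, a large "stale" list for cleaning up the user table.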
