Troubleshoot the Passive Identity Agent

This topic discusses how you can troubleshoot the passive identity agent software on your Windows AD domain controller or directory server.

(Optional.) Set the log level

By default, the passive identity agent logs at the INFO level. To change the log level, open C:\Program Files\Program Files (x86)\Cisco\Cisco Passive Identity Agent\CiscoPassiveIdentityAgentService.exe.config in a text editor, change the log level, save the file, and restart the Cisco Passive Identity Agent service.

Do not rename the logging service

Do not rename C:\Program Files\Program Files (x86)\Cisco\Cisco Passive Identity Agent\CiscoPassiveIdentityAgentService.exe.config; otherwise, the passive identity agent will stop generating log files. Do not remove or change the .exe.config file extension.

View log files

Passive identity agent log files are stored in plain text format in the agent's installation directory: C:\Program Files\Program Files (x86)\Cisco\Cisco Passive Identity Agent

Use Notepad or another text editor to view these files. Log files rotate after reaching 10 MB in size.
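The checks described in the sections above can be combined into one triage script for an agent that has stopped logging. This is an added example, not Cisco's own tooling. The service display name pattern, the *.log file filter, and the 60-minute staleness threshold are assumptions; adjust them to match your installation.

```powershell
param(
    # Installation directory as given on this page.
    [string]$InstallDir = 'C:\Program Files\Program Files (x86)\Cisco\Cisco Passive Identity Agent',
    # Assumption: the service display name starts with the product name.
    [string]$ServiceDisplayName = 'Cisco Passive Identity Agent*',
    # Assumption: log files use a .log extension.
    [string]$LogFilter = '*.log',
    # Assumption: no log writes for this many minutes counts as stale.
    [int]$StaleMinutes = 60
)

# 1. The config file must keep its exact name and .exe.config extension,
#    otherwise the agent stops generating log files.
$configPath = Join-Path $InstallDir 'CiscoPassiveIdentityAgentService.exe.config'
if (Test-Path -LiteralPath $configPath -PathType Leaf) {
    Write-Output "OK    config present: $configPath"
} else {
    Write-Output "FAIL  config missing or renamed: $configPath"
    # List files that may be a renamed copy of the config.
    Get-ChildItem -LiteralPath $InstallDir -Filter '*config*' -File -ErrorAction SilentlyContinue |
        ForEach-Object { Write-Output "      found instead: $($_.Name)" }
}

# 2. A changed log level only takes effect after the service restarts,
#    so confirm the service exists and is running.
$services = @(Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue)
if ($services.Count -eq 0) {
    Write-Output "FAIL  no service matches display name '$ServiceDisplayName'"
}
foreach ($s in $services) {
    $tag = if ($s.Status -eq 'Running') { 'OK  ' } else { 'WARN' }
    Write-Output "$tag  service '$($s.DisplayName)' is $($s.Status)"
}

# 3. List log files newest first with their size (files rotate at 10 MB),
#    and flag the case where nothing has been written recently.
$logs = @(Get-ChildItem -LiteralPath $InstallDir -Filter $LogFilter -File -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending)
if ($logs.Count -eq 0) {
    Write-Output "FAIL  no files matching '$LogFilter' in $InstallDir"
} else {
    $logs | ForEach-Object {
        Write-Output ("      {0}  {1,6:N2} MB  {2}" -f $_.LastWriteTime.ToString('s'), ($_.Length / 1MB), $_.Name)
    }
    $age = (Get-Date) - $logs[0].LastWriteTime
    if ($age.TotalMinutes -gt $StaleMinutes) {
        Write-Output ("WARN  newest log last written {0:N0} minutes ago" -f $age.TotalMinutes)
    }
}
```

The script only reads state; it does not modify the configuration file or restart the service.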

Use the Microsoft Active Directory event viewer

If you do not see user sessions in Cisco Security Cloud Control, check the Event Viewer on your Microsoft Active Directory server for the following Kerberos-related events:

For general information about audit policy, see Audit Policy Recommendations on learn.microsoft.com.

For more information about Windows Group Policy Object settings, see Group Policy Objects on learn.microsoft.com.