
"A call to SSPI failed, see inner exception" error with Cisco Firepower User Agent for Active Directory

Today I upgraded my Active Directory Domain Controller to Windows Server 2016 Datacenter; no issues were found during the upgrade and everything went smoothly. My Cisco Firepower User Agent for Active Directory v2.3 was working on my old Windows 2008 Active Directory server, so I decided to install it on the new Windows 2016 server and remove the old one.

Therefore, I installed Cisco Firepower User Agent for Active Directory v2.3 on the new Windows 2016 AD server. The installation went fine. Then, in Cisco Firepower User Agent for Active Directory, I added the host (the new Windows 2016 AD server) and it showed the status "available". In Firepower Management Center I added the FireSight server IP address. But a few minutes later its state became "unavailable".

I checked the Event Viewer and the Cisco Firepower User Agent for Active Directory logs, and they showed the error below:
"A call to SSPI failed, see inner exception"
[2201] - Report login information from   localhost to 10.11.0.243 failed after 01/11/2018 9:20:11 AM. [A call to SSPI failed, see inner exception.].

To resolve this issue, try the following:

Solution 1. Uninstall Microsoft updates KB3161606 and KB3161608 and prevent them from being reinstalled on your system.

Solution 2. In my case the above solution did not work, as I did not find those KBs on Windows 2016. Instead I edited the registry:
* Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\
* Add a new key named "Diffie-Hellman".
* Under the newly created key, add a DWORD value.
* Type "ClientMinKeyBitLength" for the name of the DWORD, and then press Enter.
* Right-click ClientMinKeyBitLength, and then click Modify.
* In the Value data box, type "200" in Hex, and then click OK.
* Restart the Cisco Agent service and everything will start working again.
Check the authentication logs on the FMC under Analysis > Users > User Activity.

Note that 200 hex is 512 decimal, so this value tells Schannel to accept Diffie-Hellman groups as small as 512 bits, below the 1024-bit minimum that the updates in Solution 1 introduced. The workaround restores connectivity by relaxing the TLS key-exchange strength on the agent host, not by fixing the short group offered by the other side, so treat it as temporary.
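The same registry change as a PowerShell script, added here as an example rather than taken from the original post. It reads the current value first so you can see what the client accepts before and after, and the service name at the end is a placeholder to replace with the real Cisco User Agent service name shown by Get-Service on your host.

```powershell
# Added example: apply the ClientMinKeyBitLength workaround described above and
# report the resulting minimum Diffie-Hellman group size in decimal bits.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'
$name = 'ClientMinKeyBitLength'
$newValue = 0x200   # "200" in Hex, as in the post = 512 decimal bits

function Get-DhClientMinBits {
    # Returns the configured minimum, or $null when the value is absent
    # (in which case the Schannel default applies).
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$name
}

$before = Get-DhClientMinBits
if ($null -eq $before) { Write-Host "$name not set; Schannel default in effect" }
else { Write-Host "$name currently $before bits" }

# Create the Diffie-Hellman key if it does not exist, then set (or overwrite) the DWORD.
if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
New-ItemProperty -Path $path -Name $name -Value $newValue -PropertyType DWord -Force | Out-Null

$after = Get-DhClientMinBits
Write-Host "$name now $after bits"
if ($after -lt 1024) {
    Write-Warning "Minimum DH group size is below 1024 bits; treat this as a temporary workaround."
}

# Placeholder service name: replace with the actual Cisco User Agent service name on this host.
Restart-Service -Name 'CiscoUserAgentServicePlaceholder'
```

Run it from an elevated PowerShell session; reading the value back after the change confirms the DWORD was written where Schannel looks for it.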
