Field Notice: FN – 72466 – Identity Services Engine – Passive ID WMI Provider Fails After Windows Server KB500442 Installation – Configuration Change Recommended

Problem Description
Cisco Identity Services Engine (ISE) Passive Identity (Passive ID) services that use the Windows Management Instrumentation (WMI) provider will fail after Windows Server KB500442 or later is installed.

Background
The Distributed Component Object Model (DCOM) Remote Protocol is a protocol that is used in communication between the ISE Primary Passive ID node and the Domain Controller that shares the authentication events with ISE. Hardening changes in DCOM through Windows Server KB500442 or later were required to address vulnerability CVE-2021-26414. After the vulnerability is fixed, ISE will lack permissions to fetch the specific Kerberos events that are necessary for Passive ID services when the WMI provider is used.

This advisory can be found at the following link:
https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72466.html