Windows User-ID Agent Not Reflecting Mapping From Syslog Server
Created On 04/09/19 14:54 PM - Last Modified 09/21/22 23:08 PM
Cisco ISE or any other syslog sender is sending syslogs to the User-ID Agent server. However, there is no mapping seen on the User-ID Agent. The Packet Capture on the server is clearly showing syslogs being received on the server on port UDP/514.
UaDebug shows following errors:
[Error 2397]: Socket bind error: listening port 5007 is already being used!
[Error 1494]: Failed to setup UDP listening socket for Syslog.
[Info 736]: User-ID Syslog service started.
User-ID Agent installed on Windows Server
Antivirus installed on Windows server is blocking the User-ID application.
If the antivirus application has a firewall component, add the listening port or disable the firewall component.
If that fails, try to disable the antivirus application and reboot the Windows server.
Sometimes, disabling the antivirus does not help and you may need to uninstall it.