AD-619

Memory Utilization shows a negative value.

Workaround: After changing the memory, restart the Active Directory agent to refresh the memory capacity.

AD-759

When host provider has been selected as VMware cartridge/Hyper-V cartridge, though the host provider will be changed to IC /Active Directory cartridge later, datastore metrics still display on Exchange Explorer Resource Utilization dashboard.

n/a

Metrics that do not have generally accepted thresholds for alarms are configured as trend alarms.

The significance of trends is dependent on the environment and default settings may generate many meaningless alarms in a busy environment, while failing to fire at all in a smaller environment.

Workaround: We recommended that the administrator allow the agent to collect values over an adequate period of time to observe normal performance and then adjust trend alarms to fire at suitable thresholds.

n/a

In some circumstances, DCs on Windows Server 2012/2012 R2 systems may experience high CPU usage when monitored by the Active Directory agent. This issue only appears when using WinRM connections.
Workaround: Using WMI/DCOM connections prevents this issue. For details, see Troubleshooting.

n/a

Starting from version 5.7.2, Foglight for  Active Directory trusts (by default) any certificates for secure LDAP connections in non-FIPS mode, and does not require users to import the SSL certificate any longer. The only case when users need to import the certificate is when they set the vm parameter "quest.ldap.ssl.trustAnyCert" as False to disable any certificate trust. For detailed information on how to import certificate, refer to Managing certificates section in Foglight for Active Directory User and Reference Guide.

n/a

Microsoft has announced Active Directory LDAP Channel Binding and LDAP signing requirements (https://support.microsoft.com/en-sg/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows). Active Directory and Exchange agents are not supported to connect to LDPA service with non-SSL or TLS-encrypted connection. Below error message will be found in the agent log:
Credential LDAP connectivity test failed: UPN: exc@2016dag.fog.local, error message: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]
Workaround:
1. Import your root certificate into both FMS and FglAM server. For detailed information on how to import certificate, refer to Managing certificates section in Foglight for Active Directory User and Reference Guide.
2. Select enable SSL for LDAP in agent properties and restart the agent.

n/a

Microsoft has announced Active Directory LDAP Channel Binding and LDAP signing requirements (https://support.microsoft.com/en-sg/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows). Below error message will be found in the Certificate Authority (CA) agent log, but agent can collect data normally:
Credential LDAP connectivity test failed: UPN: exc@2016dag.fog.local, error message: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]

n/a

For Windows server 2019 DCs and Certificate Authority, only connecting via WinRM is supported at this release.