https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726961#M238841 <HTML><HEAD></HEAD><BODY><P>The ACS server is on our management vlan and for security reasons can't have a DC on it. The child domain I don't think would work because we have a primary server with multiple secondary ACS servers that will be going to different sites. So all the secondary servers at the different sites would try to point to our DC at the main site which we want them going to their sites DC.</P></BODY></HTML> Thu, 14 Apr 2011 17:20:06 GMT dsmc 2011-04-14T17:20:06Z https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726959#M238839 <P>Is it possible to edit the hosts file on an ACS 1121 server running ACS 5.2? Our problem is we have a single domain with multiple domain controllers at different sites. So when the ACS server tries connecting to the domain it randomly picks a domain controller which it can't connect to thus causing it to fail. I found an other thread <A href="https://community.cisco.com/thread/2024431" target="_blank">https://supportforums.cisco.com/thread/2024431</A> that has the same problem and was identified as an issue, but no more information on if it was resolved.</P> Mon, 11 Mar 2019 00:59:27 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726959#M238839 dsmc 2019-03-11T00:59:27Z https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726960#M238840 <HTML><HEAD></HEAD><BODY><P>How about setting up a small DNS server on a PC in the ACS subnet that would return only the right SRV records of DCs that are available ?</P><P></P><P>How about creating a child domain to your domain with only accessible DCs ? If ACS joins that child domain it can authenticate anyone in the domain since there are trust relationships.</P><P></P><P>Those are workaround ideas.</P></BODY></HTML> Thu, 14 Apr 2011 17:11:01 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726960#M238840 Nicolas Darchis 2011-04-14T17:11:01Z https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726961#M238841 <HTML><HEAD></HEAD><BODY><P>The ACS server is on our management vlan and for security reasons can't have a DC on it. The child domain I don't think would work because we have a primary server with multiple secondary ACS servers that will be going to different sites. So all the secondary servers at the different sites would try to point to our DC at the main site which we want them going to their sites DC.</P></BODY></HTML> Thu, 14 Apr 2011 17:20:06 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726961#M238841 dsmc 2011-04-14T17:20:06Z https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726962#M238842 <HTML><HEAD></HEAD><BODY><P>I didn't say you needed a DC on your management vlan.</P><P>Just turn on a PC with a DNS application on it. Configure the ACS to use that as DNS server. Voila !</P><P>The PC-DNS will give the ip addresses of the DCs you want in the domain.</P><P></P><P>Let's be clear, I never tried this but it sounds feasible to me no ?</P></BODY></HTML> Thu, 14 Apr 2011 17:26:47 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726962#M238842 Nicolas Darchis 2011-04-14T17:26:47Z https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726963#M238845 <HTML><HEAD></HEAD><BODY><P>I think that would work, but I just checked and was told we can't have a PC on the management vlan.</P></BODY></HTML> Thu, 14 Apr 2011 17:31:02 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726963#M238845 dsmc 2011-04-14T17:31:02Z https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726964#M238846 <HTML><HEAD></HEAD><BODY><P>My suggestion would be to use the internal router as an dns forwarder.. One problem is it violates the regulations to enable that.</P></BODY></HTML> Thu, 14 Apr 2011 17:32:04 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-edit-hosts-file/m-p/1726964#M238846 cmarsteller 2011-04-14T17:32:04Z