topic ISE-PIC AD DS (global vs site based SRV request) in Network Access Control https://community.cisco.com/t5/network-access-control/ise-pic-ad-ds-global-vs-site-based-srv-request/m-p/3751104#M487860 <P>uys</P> <P>&nbsp;</P> <P>My client is trying to integrate ISE-PIC with AD (for Passive auth) with “FMC”.</P> <P><EM><SPAN>&nbsp;</SPAN></EM></P> <P><EM>I</EM><SPAN>n the ISE-PIC Admin guide, I read <EM>"You might not be able to join Cisco ISE-PIC with an Active Directory domain if the DNS SRV records are missing </EM></SPAN>(the domain controllers do not advertise their SRV records for the domain that you are trying to join to)"</P> <P>&nbsp;</P> <P>When I sent this to my client, he replied with "<SPAN>That is our problem. Not all DCs can be resolved by <STRONG><EM><U>global DNS SRV records</U>.</EM></STRONG> But <STRONG><EM><U>we have all SRV records based by sites"</U></EM></STRONG></SPAN></P> <P>&nbsp;</P> <P><SPAN>I have reached my AD DS knowledge on this last one.</SPAN></P> <P>&nbsp;</P> <P>Is there a way to address that issue on ISE-PIC?&nbsp;</P> <P>&nbsp;</P> <P>Thank you</P> <P>Sam</P> Thu, 22 Nov 2018 01:11:24 GMT Samuel Vuillaume 2018-11-22T01:11:24Z ISE-PIC AD DS (global vs site based SRV request) https://community.cisco.com/t5/network-access-control/ise-pic-ad-ds-global-vs-site-based-srv-request/m-p/3751104#M487860 <P>uys</P> <P>&nbsp;</P> <P>My client is trying to integrate ISE-PIC with AD (for Passive auth) with “FMC”.</P> <P><EM><SPAN>&nbsp;</SPAN></EM></P> <P><EM>I</EM><SPAN>n the ISE-PIC Admin guide, I read <EM>"You might not be able to join Cisco ISE-PIC with an Active Directory domain if the DNS SRV records are missing </EM></SPAN>(the domain controllers do not advertise their SRV records for the domain that you are trying to join to)"</P> <P>&nbsp;</P> <P>When I sent this to my client, he replied with "<SPAN>That is our problem. Not all DCs can be resolved by <STRONG><EM><U>global DNS SRV records</U>.</EM></STRONG> But <STRONG><EM><U>we have all SRV records based by sites"</U></EM></STRONG></SPAN></P> <P>&nbsp;</P> <P><SPAN>I have reached my AD DS knowledge on this last one.</SPAN></P> <P>&nbsp;</P> <P>Is there a way to address that issue on ISE-PIC?&nbsp;</P> <P>&nbsp;</P> <P>Thank you</P> <P>Sam</P> Thu, 22 Nov 2018 01:11:24 GMT https://community.cisco.com/t5/network-access-control/ise-pic-ad-ds-global-vs-site-based-srv-request/m-p/3751104#M487860 Samuel Vuillaume 2018-11-22T01:11:24Z Re: ISE-PIC AD DS (global vs site based SRV request) https://community.cisco.com/t5/network-access-control/ise-pic-ad-ds-global-vs-site-based-srv-request/m-p/3764454#M487862 <P>I hope you already engaged TAC to troubleshoot this. If I were you, I would enable DEBUG on the AD component and perform a packet capture of DNS requests from ISE-PIC and check what specific records are missing.</P> Sun, 16 Dec 2018 03:50:14 GMT https://community.cisco.com/t5/network-access-control/ise-pic-ad-ds-global-vs-site-based-srv-request/m-p/3764454#M487862 hslai 2018-12-16T03:50:14Z