https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427911#M530150 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P>Do you have any link for the fix CSCvb46425. I cannot find any information about that fix.</P><P></P><P></P><P>Regards,</P><P>Christian</P></BODY></HTML> Wed, 19 Apr 2017 09:18:15 GMT Christian Overrein 2017-04-19T09:18:15Z https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427909#M530148 <HTML><HEAD></HEAD><BODY><P>I have a distributed ISE solution implementet.</P><P></P><P>Se attachement ISE-Deployment.</P><P></P><P>The ISE nodes are jointed to respective Active Directory as in the picture.</P><P></P><P>I get alarm on all ISE nodes that are not joined in AD that "Active Directory not joined". Se attachement ISE_Alarm.</P><P></P><P>All radius athentications working great in all domains.</P><P></P><P></P><P>One of the challanges is external identity mapping medn retriving groups from AD. It says that the Primary Administrations Node need to be a member for the domain.</P><P>- I have tested to join the domain with Primary Admin node, do the group mapping and then leave the domain. That works great. If the admin nodes is member of all domains the PSN and MNT generate alarms. Same alarm as the attachement.</P><P></P><P>The configuration for External Identity Sources looks like this:</P><P>&nbsp;&nbsp;&nbsp;&nbsp; Active Directory</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Initial_Scope</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Domain-1</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Domain-2</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Domain-3</P><P></P><P></P><P>I have also tried with scope for each domain.</P><P></P><P>Do anyone have som ideas here?</P><P></P><P>Thanx for any answers and help.</P></BODY></HTML> Tue, 18 Apr 2017 13:36:20 GMT https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427909#M530148 Christian Overrein 2017-04-18T13:36:20Z https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427910#M530149 <HTML><HEAD></HEAD><BODY><P>If on ISE 2.2, this alarm is added as the fix for CSCvb46425. If any alarm alerting it incorrectly, please engage Cisco TAC.</P></BODY></HTML> Tue, 18 Apr 2017 21:04:12 GMT https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427910#M530149 hslai 2017-04-18T21:04:12Z https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427911#M530150 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P>Do you have any link for the fix CSCvb46425. I cannot find any information about that fix.</P><P></P><P></P><P>Regards,</P><P>Christian</P></BODY></HTML> Wed, 19 Apr 2017 09:18:15 GMT https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427911#M530150 Christian Overrein 2017-04-19T09:18:15Z https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427912#M530153 <HTML><HEAD></HEAD><BODY><P>Please see <A href="https://community.cisco.com/docs/DOC-72004">Bug Status &amp;amp; Notifications</A></P></BODY></HTML> Wed, 19 Apr 2017 14:51:16 GMT https://community.cisco.com/t5/network-access-control/distributed-ise-ad-connection/m-p/3427912#M530153 thomas 2017-04-19T14:51:16Z