https://community.cisco.com/t5/network-access-control/cisco-acs-5-5-external-identity-stores-ad-node-2-node-not/m-p/2616733#M74728 <P>Hi All,</P><P>&nbsp;</P><P>I login&nbsp;Node1 GUI [Primary node], found node 2 [Secondary node] status: Node Not Responding.&nbsp;Join/Test Connection from Node1&nbsp;for Node2&nbsp;failed.</P><P><EM>Cisco ACS 5.5 - External Identity Stores - AD - node 2 - status: Node Not Responding</EM></P><P>&nbsp;</P><P>However, I login to Node2 GUI and verified that Node2 to AD is Joint and Connected. Join/Test Connection from Node2 are&nbsp;all passed.</P><P>&nbsp;</P><P>Configuration replication is working fine. I believe Node1 is using IP to communicate with Node2</P><P><EM>System Administration, Operations, Distributed System Management, Node2 status: Updated and Replication time&nbsp;is recent.</EM></P><P>&nbsp;</P><P>For AD, it seems like Node1 couldn't talk to Node2 to check the communication between Node2 and AD. But Node2 is able to communicate with AD.</P><P>Are they using DNS to resolve from nodename to IP? Do we have to register A record on DNS server for both ACS nodes?</P><P>&nbsp;</P><P>SSH to both nodes and show application status, all running.</P><P>&nbsp;</P><P>Thoughts?</P><P>&nbsp;</P><P>Thanks!</P> Mon, 11 Mar 2019 05:24:56 GMT hujian 2019-03-11T05:24:56Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-5-external-identity-stores-ad-node-2-node-not/m-p/2616733#M74728 <P>Hi All,</P><P>&nbsp;</P><P>I login&nbsp;Node1 GUI [Primary node], found node 2 [Secondary node] status: Node Not Responding.&nbsp;Join/Test Connection from Node1&nbsp;for Node2&nbsp;failed.</P><P><EM>Cisco ACS 5.5 - External Identity Stores - AD - node 2 - status: Node Not Responding</EM></P><P>&nbsp;</P><P>However, I login to Node2 GUI and verified that Node2 to AD is Joint and Connected. Join/Test Connection from Node2 are&nbsp;all passed.</P><P>&nbsp;</P><P>Configuration replication is working fine. I believe Node1 is using IP to communicate with Node2</P><P><EM>System Administration, Operations, Distributed System Management, Node2 status: Updated and Replication time&nbsp;is recent.</EM></P><P>&nbsp;</P><P>For AD, it seems like Node1 couldn't talk to Node2 to check the communication between Node2 and AD. But Node2 is able to communicate with AD.</P><P>Are they using DNS to resolve from nodename to IP? Do we have to register A record on DNS server for both ACS nodes?</P><P>&nbsp;</P><P>SSH to both nodes and show application status, all running.</P><P>&nbsp;</P><P>Thoughts?</P><P>&nbsp;</P><P>Thanks!</P> Mon, 11 Mar 2019 05:24:56 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-5-external-identity-stores-ad-node-2-node-not/m-p/2616733#M74728 hujian 2019-03-11T05:24:56Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-5-external-identity-stores-ad-node-2-node-not/m-p/2616734#M74729 <P>I've seen the same issue ... seems to be a bug.</P><P>https://tools.cisco.com/quickview/bug/CSCuv10688</P> Wed, 22 Jul 2015 19:44:13 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-5-external-identity-stores-ad-node-2-node-not/m-p/2616734#M74729 eoinwhite1 2015-07-22T19:44:13Z https://community.cisco.com/t5/network-access-control/cisco-acs-5-5-external-identity-stores-ad-node-2-node-not/m-p/2616735#M74730 <P>In order to join Secondary Node and PSNs to Primary PAN Node is mandatory to have a DNS Entry for the FQDN Name of the Secondary and PSNs ISEs&nbsp;and valid certificate on those signed by a trusted certificate authority registered on Primary ISE Local Certificate Store.</P> Fri, 24 Jul 2015 17:01:59 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-5-5-external-identity-stores-ad-node-2-node-not/m-p/2616735#M74730 ajc 2015-07-24T17:01:59Z