取消
显示结果 
搜索替代 
您的意思是: 
cancel
公告

December 2020

December 2020

96
查看次数
0
有帮助
4
回复
liyanazure
Beginner

ISE always find the old AD ldap which is offline

The Customer has an ise(version 2.0) and there have 6 AD server(windows 2008*2/windows 2012*2/windows 2016*2).

He let windows 2008 offline then his wireless authentication failed.The error on ise is below.

11051 RADIUS packet contain invaild state attribute

24444 Active Directory operation has failed because of an unspecified error in the ISE

We check the ad_agent.log and find ISE always want to find the old ldap on AD server of windows 2008.

The information is on attachment.

Hope someone can help.

Thanks!!!

4 条回复4
liyanazure
Beginner

Jun 17 18:56:10 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state ProbePorts complete for cnsrv004.cn.thyssenkrupp.as. Elapsed time 0.001615 secs
Jun 17 18:56:10 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::search :(&(NtVer=\06\00\00\00))
Jun 17 18:56:10 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::connectToServer - 10.100.47.84
Jun 17 18:56:10 TKECC-ISE-01 adclient[2999]: DIAG <bg:netstate> base.bind.ldap 10.100.47.84:389 search base="" filter="(&(NtVer=\06\00\00\00))"
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.osutil Module=LDAP : time out : Timed out (reference base/ldapsearch.cpp:117 rc: -5)
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state DC cnsrv004-old.cn.thyssenkrupp.as(10.100.47.84) did not reply
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::search :(&(NtVer=\06\00\00\00))
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::connectToServer - 10.100.47.103
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DIAG <bg:netstate> base.bind.ldap 10.100.47.103:389 search base="" filter="(&(NtVer=\06\00\00\00))"
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> lrpc.adobject new object:
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo forest = thyssenkrupp.as
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo domain = cn.thyssenkrupp.as
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo hostName = CNSRV003.cn.thyssenkrupp.as
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo siteName1 = TKECC
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo siteName2 = TKECC
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isWritable = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isClosestSite = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isTimeServer = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isKDC = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isDSRV = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isLDAP = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isGC = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isPDC = false
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state DC cnsrv003.cn.thyssenkrupp.as(10.100.47.103) answered in 0.000527 secs: Success
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.103 in 0.000486 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.103 in 0.000153 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.103 in 0.000175 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.103 in 0.000175 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.103 in 0.000140 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state ProbePorts complete for cnsrv003.cn.thyssenkrupp.as. Elapsed time 0.001807 secs
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::search :(&(NtVer=\06\00\00\00))
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::connectToServer - 10.100.47.114
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DIAG <bg:netstate> base.bind.ldap 10.100.47.114:389 search base="" filter="(&(NtVer=\06\00\00\00))"
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> lrpc.adobject new object:
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo forest = thyssenkrupp.as
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo domain = cn.thyssenkrupp.as
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo hostName = CNSRV014.cn.thyssenkrupp.as
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo siteName1 = TKECC
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo siteName2 = TKECC
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isWritable = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isClosestSite = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isTimeServer = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isKDC = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isDSRV = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isLDAP = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isGC = true
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> dns.siteinfo isPDC = false
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state DC cnsrv014.cn.thyssenkrupp.as(10.100.47.114) answered in 0.000511 secs: Success
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.114 in 0.000189 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.114 in 0.000156 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.114 in 0.000159 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.114 in 0.000183 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> util.io.connectutil Connected to 10.100.47.114 in 0.000150 seconds
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state ProbePorts complete for cnsrv014.cn.thyssenkrupp.as. Elapsed time 0.001642 secs
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::search :(&(NtVer=\06\00\00\00))
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.bind.udp UDPBinding::connectToServer - 10.100.47.85
Jun 17 18:56:11 TKECC-ISE-01 adclient[2999]: DIAG <bg:netstate> base.bind.ldap 10.100.47.85:389 search base="" filter="(&(NtVer=\06\00\00\00))"
Jun 17 18:56:12 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> base.osutil Module=LDAP : time out : Timed out (reference base/ldapsearch.cpp:117 rc: -5)
Jun 17 18:56:12 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state DC CNSRV046-old.cn.thyssenkrupp.as(10.100.47.85) did not reply
Jun 17 18:56:12 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state CacheAccess purge
Jun 17 18:56:12 TKECC-ISE-01 adclient[2999]: DEBUG <bg:ageBindings> util.settings Setting domaincontroller to cnsrv014.cn.thyssenkrupp.as
Jun 17 18:56:42 TKECC-ISE-01 adclient[2999]: DEBUG <background> daemon.main now = Fri Jun 17 18:56:42 2022, nextPasswordChange: Mon Jul 11 16:51:10 2022, lastKrb5Renew: Fri Jun 17 11:27:43 2022, lastCacheCleanup: Fri Jun 17 18:50:55 2022, lastPrevalidate: Fri Jun 17 11:27:43 2022, lastChkDatadir: Fri Jun 17 18:53:55 2022, lastAzmanRefresh: Fri Jun 17 18:40:25 2022
Jun 17 18:56:42 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state CacheAccess purge
Jun 17 18:56:42 TKECC-ISE-01 adclient[2999]: DEBUG <bg:ageBindings> util.settings Setting domaincontroller to cnsrv014.cn.thyssenkrupp.as
Jun 17 18:57:12 TKECC-ISE-01 adclient[2999]: DEBUG <background> daemon.main now = Fri Jun 17 18:57:12 2022, nextPasswordChange: Mon Jul 11 16:51:10 2022, lastKrb5Renew: Fri Jun 17 11:27:43 2022, lastCacheCleanup: Fri Jun 17 18:50:55 2022, lastPrevalidate: Fri Jun 17 11:27:43 2022, lastChkDatadir: Fri Jun 17 18:53:55 2022, lastAzmanRefresh: Fri Jun 17 18:40:25 2022
Jun 17 18:57:12 TKECC-ISE-01 adclient[2999]: DEBUG <bg:netstate> network.state CacheAccess purge
Jun 17 18:57:12 TKECC-ISE-01 adclient[2999]: DEBUG <bg:ageBindings> util.settings Setting domaincontroller to cnsrv014.cn.thyssenkrupp.as
Jun 17 18:57:17 TKECC-ISE-01 adclient[2999]: DEBUG <bg:bindingRefresh> base.adagent ADAgent::refreshBindings -- starting
Jun 17 18:57:17 TKECC-ISE-01 adclient[2999]: DEBUG <bg:bindingRefresh> base.adagent ADAgent::refreshBindings -- ending (fastReschedule = false)