03-09-2018 09:18 PM
Guys,
We suddenly have issue with our authentication, on live logs we always get 24403 user authentication against active directory failed , BUT as per checking in External Identity Source we able to do Test User and it was SUCCESS. We double check also our AD, no issue.
Anyone have encounter same issue? I have attached some screenshot.
03-09-2018 10:12 PM
Please enable DEBUG on Active Directory to logging level TRACE and check ad_agent.log. If needed, engage Cisco TAC to troubleshoot further.
03-11-2018 08:02 AM
Sometimes you may get an indication of failure by reviewing the remaining steps in the Authentication Details log (full value not displayed in screenshot), but certainly the debug logs will provide much deeper detail as Hsing-Tsu suggested.
03-11-2018 07:35 PM
Will there be impact if i change the settings, like reboot of service & etc.? whats the difference between TRACE & WARN?
The ad_agent.log which directory I can find it?
03-12-2018 06:39 PM
With debugging on, ISE produces more log files. It's ok to debug for a short while and it would not affect ISE services in general. TRACE is the most detailed logging in most of ISE components.
To access ad_agent.log, you may do one of the following:
03-28-2018 01:14 AM
Thanks hslai ... I will try that
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: