cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
874
Views
0
Helpful
1
Replies

Acs 5.2 ad integration multi dc servers

aram_galestian
Level 1
Level 1

Hello

As we hade acs 4 installed on windows server befor and we are planing to move acs 5.2 but the problem will acour once

We try to join acs to ad as we have over dc server around the world. i would like to lock acs to only connect to subset of dc serv wich is at same subnet as acs server

To avoid network latency and as well to faster update as i understand acs 5 do not use site information from ad and there is not posibility to change hosts file on acs applince..

Do you know if there is any good solution or if cisco is working to provide a better ad integration sollutions ?

I have read that many have same problem but any good sollutions ?

Best regard

Aram

1 Reply 1

aram_galestian
Level 1
Level 1

Found a solution..

ACS 5.2 during Joing AD "Test Connection" and Save procedure asking the DNS for all DC and AD Global catalog from DNS server. If you have a lot DC around world/network and ACS do not have access to this AD server the save opration will

hang during a longt timeout.

I did setup a smal dns server to use during joing and saving Active Directory settings. and that make it works

Here is the DNS entry needed .

dc01   IN A    192.168.1.2

_ldap._tcp                                               IN SRV 0 0 389 dc01.example.com.

_ldap._tcp.SITE-"SITNAME"._sites          IN SRV 0 0 389 dc01.example.com.

_gc._tcp                                                  IN SRV 0 0 3268 dc01.example.com.

_gc._tcp.SITE-"SITNAME"._sites              IN SRV 0 0 3268 dc01.example.com.

_kerberos._tcp.SITE-"SITENAME"._sites IN SRV 0 0 88 dc01.example.com.

_kerberos._tcp                                        IN SRV 0 0 88 dc01.example.com.