ACS 5.3 AD connection test

Dennis Beul · ‎07-02-2012

Hello,

I noticed a strange behaviour on an ACS 5.3 server regarding the Active Directory connection: The ACS is connected to the domain, the connection is established and rule-matching against the AD works fine. But when I hit the "test connection" button on the Active Directory configuration page, I get the error message "Could not resolve hostname".

I'm curious what the "problem" here could be. DNS settings are correct, I can ping and resolve hostnames on the CLI. The server is synchonized with a internal NTP source. I avoided hostnames in the ACS configuration, everything is just IP addresses, and a specific domain controller is not in the configuration - I just configured the FQDN of the Active Directory. So what hostname does the ACS try to resolve when I start the connection test?

It is just a minor issue, but any help or hint would be highly appreciated! Thank you!

Regards

Dennis

Tarik Admani · ‎07-02-2012

Dennis,

You need dns resolution for the domain that ACS joins to along with the DNS resolution (both forward and reverse) of the ACS' hostname also.

thanks,

Tarik Admani

Dennis Beul · ‎07-03-2012

Hi Tarik, thanks for your feedback.

I checked the DNS records, there are records for the domain as well as for the primary ACS (forward and reverse). This a ACS cluster, and I noticed that for the secondary ACS, we only have a forward record, no reverse-lookup record.

I will add the PTR-record for the secondary ACS, check the connection test and come back to you with some feedback.

Amjad Abdullah · ‎07-03-2012

Just like Tarik said check DNS.

Make also sure DNS ip is correctly configured under the ACS box.

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"