Solved: AD authentication not working for one particular account.

Jon Irish · ‎06-24-2016

We just upgraded from 1.3 to 2.1. The upgrade was successful, but now I cannot log into ISE with my AD credentials. They worked fine before the upgrade, and my co-worker has no issue logging in with his AD credentials, so the AD backend is fine. I have verified this by doing a "Test Account" with my AD credentials, and they pass. I have attached screen shots of the successful test and the unsuccessful login attempt. Has anyone seen this, and if so, is there a fix for it?

Thanks!

Jon

hslai · ‎06-24-2016

Please verify that the external AD group(s) still mapped correctly in ISE admin group configurations.

If that is not it, do open a TAC case so our support team may investigate.

View solution in original post

hslai · ‎06-24-2016

Please verify that the external AD group(s) still mapped correctly in ISE admin group configurations.

If that is not it, do open a TAC case so our support team may investigate.

Jon Irish · ‎06-27-2016

I did verify this. It appears that it is only my account having the issue. What is really odd, is that when the first 2.1 appliance came up, I was able to login with my AD account. After bringing the other 3 appliances up with 2.1, it quit working. I guess I will go ahead and create a TAC for this.

thomas · ‎06-25-2016

Jon,

I'd suggest that you review the ISE 2.1 Admin Guide section for Administrative Access to Cisco ISE Using an External Identity Store to ensure you have it configured properly.

-Thomas