AD connector with ISE

jack lee · ‎05-02-2018

hi all,

When ISE with active directory is displayed failed for test user . User is not able to get authenticated. Only Restart Active Directory Connector can solve the issue.Our ise version is 2.3.0.298. Why does this happen?

RichardAtkin · ‎05-04-2018

Are you on patch 3? If no, I'd get that on first - big fan of keeping ISE up to date!

You say you're restarting a connector to get it working - I don't understand what you mean by this. What connector? Do you mean you're using the Passive AD Agent? Or do you mean you're rebooting the whole ISE?

When the user fails to authenticate, what error does it come back with - why does ISE say it failed? Have you been able to find the failure in the AD Event Log to see what AD thinks is happening?

jack lee · ‎05-04-2018

Hi Richard Thank you! we use the passive AD Agent. I will check the AD Event Log.

RichardAtkin · ‎05-04-2018

Ok, so can you give us some context about what you're trying to do with ISE and why you're using the PIC? You say you're trying to authenticate somebody, but the Passive Identity Connector isn't really for that, it's for getting access to Login info from AD. If you want to authenticate people, you need to set up AD as an external identity source, which is different to the PIC.

Just trying to get my head around your use case so I can give you a proper answer...

jack lee · ‎05-21-2018

hi ， I want to know the reconnection mechanism of AD connector and ISE ? Thank you!