
AD Profiler Not Working with FQDN in 2.4

paul
Level 10

In versions prior to 2.4, ISE was able to utilize two sources of information to do the AD lookup for the AD profiler:

 

  1. DHCP hostname information obtained from device sensor/IP helper forwarding.
  2. FQDN obtained from reverse DNS lookup when DNS profiler is open.

In 2.4, I am only seeing the AD profiler work when I get the DHCP hostname. Is that functioning as designed or a bug?

4 Replies

hslai
Cisco Employee

What patch level is your ISE 2.4? I've seen some problems with ISE 2.4 Patch 1.

Patch 1 going to patch 2 this weekend.


hslai
Cisco Employee

I have not tried Patch 2 in our training lab yet. I only noticed that our ISE 2.4 update lab has this issue with Patch 1 but works fine without this patch.

Hsing,



I just upgraded my large 20 node deployment to patch 2 and retested the DNS profiling feeding into the AD profiler.



I deleted my test endpoint and did a clear access-session on the port. This only forces the reauth, but will not force a new DHCP from the computer. ISE learned the MAC address and the DNS profiler did correctly put in the FQDN, but the AD profiler never kicked in.



I then shut/no shut the port to force a DHCP. Device sensor learned the DHCP hostname, fed it to ISE, and immediately the AD profiler ran.



Do you need me to open a TAC case on this to get a bug going, or, because you have seen it in the lab, can you file the bug?