cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2475
Views
0
Helpful
9
Replies

Alarms: Active directory diagnostic tool found issues

sinady
Beginner
Beginner

Dear Team,

I'm facing issue with alarm "Active directory diagnostic tool found issues"

it alert everyday. 

Note: currently i using ISE 2.7 patch 3. 

 

Description

One or more Active Directory diagnostic tests failed during a scheduled run.

Suggested Actions

Run the Active Directory Diagnostic Tool to check current status and view details of issues. Go to External Identity Sources, Active Directory and activate from Advanced Tools.

 

It could have any issue or impact to ISE server and production or not if it still alert like this?

Really appreciated if anyone could help and advise on this.

1 ACCEPTED SOLUTION

Accepted Solutions

Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor

Hi @sinady ,

 at Administration > Identity Management > External Identity Sources > Active Directory > select your AD, click Diagnostic Tools, to check the failed diagnostic test, for example:

ADDiagnosticTool.png

 

Hope this helps !!!

View solution in original post

9 REPLIES 9

Thank @marce1000 , I don't see the solution.

 

Could you advise, please!

Marcelo Morais
VIP Advisor VIP Advisor
VIP Advisor

Hi @sinady ,

 at Administration > Identity Management > External Identity Sources > Active Directory > select your AD, click Diagnostic Tools, to check the failed diagnostic test, for example:

ADDiagnosticTool.png

 

Hope this helps !!!

Thank @Marcelo Morais  for suggestion.

 

If we do that, there is any impact to the operation? 

Hi @sinady ,

 no impact.

 

Hope this helps !!!

Hi @Marcelo Morais , Thank you so much for your confirmed.

 

I already run all of nodes. then we got status on all nodes are warning DNS SRV record query.

 

Please see in the attached file for more detail.

 

Please help to advise on this. Thank you so much.

Hi @sinady ,

 check the following:

ise/admin# nslookup <Node IP Addr> querytype AAAA
Trying "<Node Reverse IP Addr>.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41346
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;<Node Reverse IP Addr>.in-addr.arpa. IN PTR
;; ANSWER SECTION:
<Node Reverse IP Addr>.in-addr.arpa. 14400 IN PTR <Node FQDN>
Received 80 bytes from <DNS IP Addr>#53 in 1 ms


Hope this helps !!!

Hi, what is the purpose to do that? and just only run that command below ?

nslookup <Node IP Addr> querytype AAAA

 

Hi @sinady ,

 a quick check to DNS and Reverse IP Addr.

 

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: