cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3954
Views
0
Helpful
9
Replies

Alarms: Active directory diagnostic tool found issues

sinady
Level 1
Level 1

Dear Team,

I'm facing issue with alarm "Active directory diagnostic tool found issues"

it alert everyday. 

Note: currently i using ISE 2.7 patch 3. 

 

Description

One or more Active Directory diagnostic tests failed during a scheduled run.

Suggested Actions

Run the Active Directory Diagnostic Tool to check current status and view details of issues. Go to External Identity Sources, Active Directory and activate from Advanced Tools.

 

It could have any issue or impact to ISE server and production or not if it still alert like this?

Really appreciated if anyone could help and advise on this.

1 Accepted Solution

Accepted Solutions

Hi @sinady ,

 at Administration > Identity Management > External Identity Sources > Active Directory > select your AD, click Diagnostic Tools, to check the failed diagnostic test, for example:

ADDiagnosticTool.png

 

Hope this helps !!!

View solution in original post

9 Replies 9

marce1000
VIP
VIP

 

 - FYI : https://community.cisco.com/t5/network-access-control/active-directory-diagnostic-tool-found-issues/td-p/3575302

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thank @marce1000 , I don't see the solution.

 

Could you advise, please!

Hi @sinady ,

 at Administration > Identity Management > External Identity Sources > Active Directory > select your AD, click Diagnostic Tools, to check the failed diagnostic test, for example:

ADDiagnosticTool.png

 

Hope this helps !!!

Thank @Marcelo Morais  for suggestion.

 

If we do that, there is any impact to the operation? 

Hi @sinady ,

 no impact.

 

Hope this helps !!!

Hi @Marcelo Morais , Thank you so much for your confirmed.

 

I already run all of nodes. then we got status on all nodes are warning DNS SRV record query.

 

Please see in the attached file for more detail.

 

Please help to advise on this. Thank you so much.

Hi @sinady ,

 check the following:

ise/admin# nslookup <Node IP Addr> querytype AAAA
Trying "<Node Reverse IP Addr>.in-addr.arpa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41346
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;<Node Reverse IP Addr>.in-addr.arpa. IN PTR
;; ANSWER SECTION:
<Node Reverse IP Addr>.in-addr.arpa. 14400 IN PTR <Node FQDN>
Received 80 bytes from <DNS IP Addr>#53 in 1 ms


Hope this helps !!!

Hi, what is the purpose to do that? and just only run that command below ?

nslookup <Node IP Addr> querytype AAAA

 

Hi @sinady ,

 a quick check to DNS and Reverse IP Addr.

 

Regards