Cisco ACS 5.5 - External Identity Stores - AD - node 2 - Node Not Responding

hujian
Level 1

Hi All,

I logged in to the Node1 GUI [Primary node] and found node 2 [Secondary node] status: Node Not Responding. Join/Test Connection from Node1 for Node2 failed.

Cisco ACS 5.5 - External Identity Stores - AD - node 2 - status: Node Not Responding

However, I logged in to the Node2 GUI and verified that Node2 to AD is Joined and Connected. Join/Test Connection from Node2 all passed.

Configuration replication is working fine. I believe Node1 is using IP to communicate with Node2.

System Administration, Operations, Distributed System Management, Node2 status: Updated and Replication time is recent.

For AD, it seems like Node1 couldn't talk to Node2 to check the communication between Node2 and AD. But Node2 is able to communicate with AD.

Are they using DNS to resolve from nodename to IP? Do we have to register A record on DNS server for both ACS nodes?

SSH to both nodes and show application status, all running.

Thoughts?

Thanks!

2 Replies

eoinwhite1
Level 1

I've seen the same issue ... seems to be a bug.

https://tools.cisco.com/quickview/bug/CSCuv10688

ajc
Level 7

In order to join the Secondary Node and PSNs to the Primary PAN Node, it is mandatory to have a DNS entry for the FQDN Name of the Secondary and PSN ISEs and a valid certificate on those, signed by a trusted certificate authority registered in the Primary ISE Local Certificate Store.