cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2684
Views
17
Helpful
9
Replies
Highlighted

Cisco ISE 2.3 problems with retrieving groups in Active Directory

Hello security fellows,

today i faced strange problem. Deployed ISE 2.3 for PoC and I had issues pretty straight after the installation-I tried to join the ISE to the Active Directory domain, everything was ok, the join point was marked Succesful/Operational, but when I go and try to browse groups - nothing is found.

In the same environment ISE 2.2 is working perfectly.

Does anyone had such issue? Does Cisco implemented something differently according AD?

Thanks,

Best regards!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Ditto that.  But I saw that only when I browsed to ISE 2.3 with IE 11 and then I couldn't see any Groups.

When I open a Firefox browser to the same node and Add Groups, they all appear almost immediately.

View solution in original post

9 REPLIES 9
Highlighted
Advocate

This is funny.  I had the exact same problem on my fresh ISE 2.3 install using the 3515 OVA 600 GB file.  If you to a test user lookup the groups are all there.  We ended up adding the groups in manually.  If you do the test user you can see the group format ISE is expecting.

I have done two other 2.3 installs with no issues in adding AD groups via searches.

Highlighted

Just a follow up I installed the 3515 200 GB in my lab a few days ago and it doesn't have this problem.  My lab AD environment if very small.  I know the customer where I had this issue has a large # of AD groups.

Highlighted

Yes, I used the exact same image!

I Even had problems with test user function... Definetely there is something not right.

Highlighted

Ditto that.  But I saw that only when I browsed to ISE 2.3 with IE 11 and then I couldn't see any Groups.

When I open a Firefox browser to the same node and Add Groups, they all appear almost immediately.

View solution in original post

Highlighted

Ahh great catch.  Just tested with my lab and IE doesn't work for group retrieval.  Firefox and Chrome work perfectly.  I always use Chrome, but the customer that was running the Webex on Friday was using IE. 

Good to know.

Highlighted

Yes, probably is the IE. I'll try other browsers, but i think the customer tested with Firefox and the situation was the same.

Highlighted

Wow cannot believe just by changing browser fixed my issue!!!

Thank you for sharing you rock!!!

Highlighted

Wow.......thanks. If only I came across this post 5 hours ago, I would've saved me precisely 4 hours and 59 minutes.
Highlighted
Cisco Employee

CSCvf93841

opened to track this issue. It might not be externally visible for 1 or 2 days.

Content for Community-Ad