Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4206
Views
22
Helpful
9
Replies

Cisco ISE 2.3 problems with retrieving groups in Active Directory

Go to solution
Alexander Vasilev
Level 1
Level 1

‎09-08-2017 12:30 PM

Hello security fellows,

today i faced strange problem. Deployed ISE 2.3 for PoC and I had issues pretty straight after the installation-I tried to join the ISE to the Active Directory domain, everything was ok, the join point was marked Succesful/Operational, but when I go and try to browse groups - nothing is found.

In the same environment ISE 2.2 is working perfectly.

Does anyone had such issue? Does Cisco implemented something differently according AD?

Thanks,

Best regards!

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP
In response to Alexander Vasilev

‎09-10-2017 03:33 PM

Ditto that.  But I saw that only when I browsed to ISE 2.3 with IE 11 and then I couldn't see any Groups.

When I open a Firefox browser to the same node and Add Groups, they all appear almost immediately.

View solution in original post

9 Replies 9

Go to solution
paul
Level 10
Level 10

‎09-08-2017 12:39 PM

This is funny.  I had the exact same problem on my fresh ISE 2.3 install using the 3515 OVA 600 GB file.  If you to a test user lookup the groups are all there.  We ended up adding the groups in manually.  If you do the test user you can see the group format ISE is expecting.

I have done two other 2.3 installs with no issues in adding AD groups via searches.

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to paul

‎09-08-2017 12:41 PM

Just a follow up I installed the 3515 200 GB in my lab a few days ago and it doesn't have this problem.  My lab AD environment if very small.  I know the customer where I had this issue has a large # of AD groups.

0 Helpful

Go to solution
Alexander Vasilev
Level 1
Level 1
In response to paul

‎09-08-2017 12:47 PM

Yes, I used the exact same image!

I Even had problems with test user function... Definetely there is something not right.

0 Helpful

Go to solution
Arne Bier
VIP
VIP
In response to Alexander Vasilev

‎09-10-2017 03:33 PM

Ditto that.  But I saw that only when I browsed to ISE 2.3 with IE 11 and then I couldn't see any Groups.

When I open a Firefox browser to the same node and Add Groups, they all appear almost immediately.

Go to solution
paul
Level 10
Level 10
In response to Arne Bier

‎09-10-2017 06:06 PM

Ahh great catch.  Just tested with my lab and IE doesn't work for group retrieval.  Firefox and Chrome work perfectly.  I always use Chrome, but the customer that was running the Webex on Friday was using IE. 

Good to know.

0 Helpful

Go to solution
Alexander Vasilev
Level 1
Level 1
In response to Arne Bier

‎09-10-2017 10:29 PM

Yes, probably is the IE. I'll try other browsers, but i think the customer tested with Firefox and the situation was the same.

0 Helpful

Go to solution
tatyanavilleda
Level 1
Level 1
In response to Arne Bier

‎04-26-2019 08:08 AM

Wow cannot believe just by changing browser fixed my issue!!!

Thank you for sharing you rock!!!

0 Helpful

Go to solution
Ricky Sandhu
Level 3
Level 3
In response to Arne Bier

‎11-06-2019 08:04 AM

Wow.......thanks. If only I came across this post 5 hours ago, I would've saved me precisely 4 hours and 59 minutes.
0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎09-12-2017 03:59 PM

CSCvf93841

opened to track this issue. It might not be externally visible for 1 or 2 days.

Customers Also Viewed These Support Documents