This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hi All!
I have a problem between Cisco ISE and Active Directory. After adding AD to Cisco ISE I have a Failed Status in Active Directory Diagnostic Tool, rest of test is working good.
Test result:
I've checked SRV and A record via nslookup:
XXXXXXXXISE-w/admin# nslookup AD.AD querytype A
Trying "AD.AD"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30023
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;AD.AD. IN A
;; ANSWER SECTION:
AD.AD. 247 IN A 10.1.1.1
AD.AD. 247 IN A 10.1.1.2
AD.AD. 247 IN A 10.1.1.3
AD.AD. 247 IN A 10.1.1.4
AD.AD. 247 IN A 101.1.5
AD.AD. 247 IN A 10.1.1.6
AD.AD. 247 IN A 10.1.1.7
AD.AD. 247 IN A 10.1.1.8
AD.AD. 247 IN A 10.1.1.9
AD.AD. 247 IN A 10.1.1.10
AD.AD. 247 IN A 10.1.1.11
AD.AD. 247 IN A 10.1.1.12
AD.AD. 247 IN A 10.1.1.13
AD.AD. 247 IN A 10.1.1.14
AD.AD. 247 IN A 10.1.1.15
Received 264 bytes from 10.2.2.2#53 in 10 ms
XXXXXXISE-w/admin# nslookup AD.AD querytype srv
Trying "AD.AD"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42484
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;AD.AD. IN SRV
;; AUTHORITY SECTION:
AD.AD. 3587 IN SOA XXXXXXX.AD.AD. hostmaster. 2664884 900 600 86400 3600
Received 83 bytes from 10.2.2.2#53 in 8 ms
Please be aware that 10.2.2.2 is DNS server for Cisco ISE - this IP address is fake address (I must replace original IP based on security)
All IP address in this discussion is fake
How can I resolve this problem ?
Solved! Go to Solution.
Sounds like a DNS issue.
Suggest you call TAC for troubleshooting.