Hi All!
I have a problem between Cisco ISE and Active Directory. After adding AD to Cisco ISE I have a Failed Status in Active Directory Diagnostic Tool, rest of test is working good.
Test result:
I've checked SRV and A record via nslookup:
XXXXXXXXISE-w/admin# nslookup AD.AD querytype A
Trying "AD.AD"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30023
;; flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;AD.AD. IN A
;; ANSWER SECTION:
AD.AD. 247 IN A 10.1.1.1
AD.AD. 247 IN A 10.1.1.2
AD.AD. 247 IN A 10.1.1.3
AD.AD. 247 IN A 10.1.1.4
AD.AD. 247 IN A 101.1.5
AD.AD. 247 IN A 10.1.1.6
AD.AD. 247 IN A 10.1.1.7
AD.AD. 247 IN A 10.1.1.8
AD.AD. 247 IN A 10.1.1.9
AD.AD. 247 IN A 10.1.1.10
AD.AD. 247 IN A 10.1.1.11
AD.AD. 247 IN A 10.1.1.12
AD.AD. 247 IN A 10.1.1.13
AD.AD. 247 IN A 10.1.1.14
AD.AD. 247 IN A 10.1.1.15
Received 264 bytes from 10.2.2.2#53 in 10 ms
XXXXXXISE-w/admin# nslookup AD.AD querytype srv
Trying "AD.AD"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42484
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;AD.AD. IN SRV
;; AUTHORITY SECTION:
AD.AD. 3587 IN SOA XXXXXXX.AD.AD. hostmaster. 2664884 900 600 86400 3600
Received 83 bytes from 10.2.2.2#53 in 8 ms
Please be aware that 10.2.2.2 is DNS server for Cisco ISE - this IP address is fake address (I must replace original IP based on security)
All IP address in this discussion is fake
How can I resolve this problem ?
