Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3037
Views
0
Helpful
6
Replies

DCs not showing on ISE

Go to solution
PedroDias1994
Level 1
Level 1

‎07-13-2020 09:49 AM

Hello,

 

I am integrating Cisco ISE with Microsoft AD and I am having a problem adding the Domain Controllers (DCs) on PassiveID.

 

I have already performed the 'Join' between ISE and AD successfully. Both ISE nodes are operational and I can see both DCs on the Connection tab, but when I go to the PassiveID tab to add the Domain Controllers, I can't find the 2 DCs....

 

Is some configuration missing on the DC side? On ISE?

 

Thanks for your help :)

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
PedroDias1994
Level 1
Level 1
In response to Marvin Rhoads

‎07-17-2020 01:34 AM

Hi Marvin,

I have figured it out a way to add the DC mentioned above :)

I don't know if it is a bug... but if I try to add the DC through Home > Introduction > Passive Identity Wizard, we reach a part where we can specify the DCs that we want to monitor. Choose 'Site Domain Controllers' and the DC will be there. If I choose 'Custom' I can't find it on the list presented by ISE-PIC...

Thank you Marius and Marvin for all your help!! This can be considered as the solution for this topic.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marius Gunnerud
VIP
VIP

‎07-13-2020 11:12 AM

Have you enabled Passive Identity Service under Administration > System > Deployment ?

Have a look through the following implementation guide. Perhaps it can lead you to what you are missing.

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2019/pdf/LTRSEC-1655.pdf

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
PedroDias1994
Level 1
Level 1
In response to Marius Gunnerud

‎07-14-2020 01:15 AM

Hi Marius,

Actually, I am using ISE-PIC... so the passiveID services are already enabled.

Any other suggestion?
0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to PedroDias1994

‎07-14-2020 12:42 PM - edited ‎07-14-2020 12:43 PM

Could you provide a screen shot of the PassiveID tab to show what you are seeing, or more accurately, not seeing.

Also, could you go through the following document and see if you missed any steps while setting up your ISE-PIC.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/pic_admin_guide/PIC_admin26/PIC_admin26_chapter_010.html

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
PedroDias1994
Level 1
Level 1
In response to Marius Gunnerud

‎07-16-2020 08:00 AM

Hi Marius,

 

Here are some pictures describing what I wrote on the previous messages.

 

As you can see, the ISE-PIC nodes are integrated with the AD (Domain Controller - SECDCTST01), but the Domain Controller doesn't show on the list when I try to add it on PassiveID tab.

 

Thank you

Preview file
56 KB
Preview file
17 KB
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to PedroDias1994

‎07-16-2020 12:20 PM

Does ISE-PIC allow you to run the AD Diagnostic rule? I am wondering if perhaps you are missing SRV records for the DCs in your DNS zone. The Diagnostic Tool will tell you that (among other things).

0 Helpful

Go to solution
PedroDias1994
Level 1
Level 1
In response to Marvin Rhoads

‎07-17-2020 01:34 AM

Hi Marvin,

I have figured it out a way to add the DC mentioned above :)

I don't know if it is a bug... but if I try to add the DC through Home > Introduction > Passive Identity Wizard, we reach a part where we can specify the DCs that we want to monitor. Choose 'Site Domain Controllers' and the DC will be there. If I choose 'Custom' I can't find it on the list presented by ISE-PIC...

Thank you Marius and Marvin for all your help!! This can be considered as the solution for this topic.
0 Helpful
Customers Also Viewed These Support Documents