Distributed ISE AD Connection

I have a distributed ISE solution implemented.

See attachment ISE-Deployment.

The ISE nodes are joined to their respective Active Directory as in the picture.

I get an alarm on all ISE nodes that are not joined in AD that "Active Directory not joined". See attachment ISE_Alarm.

All RADIUS authentications are working great in all domains.

One of the challenges is external identity mapping while retrieving groups from AD. It says that the Primary Administration Node needs to be a member of the domain.

- I have tested joining the domain with the Primary Admin node, doing the group mapping and then leaving the domain. That works great. If the admin nodes are members of all domains, the PSN and MNT generate alarms. Same alarm as in the attachment.

The configuration for External Identity Sources looks like this:

     Active Directory

          Initial_Scope

               Domain-1

               Domain-2

               Domain-3

I have also tried with scope for each domain.

Does anyone have some ideas here?

Thanks for any answers and help.

Accepted Solutions

hslai
Cisco Employee

If on ISE 2.2, this alarm is added as the fix for CSCvb46425. If any alarm is alerting incorrectly, please engage Cisco TAC.

Hi.

Do you have any link for the fix CSCvb46425? I cannot find any information about that fix.

Regards,

Christian