05-26-2013 07:43 PM - edited 03-10-2019 08:28 PM
Dear all,
I have a Cisco Identity Services Engine that is connected to Active Directory. When I run the detailed connection test,
the result is an error that says:
Test Connection Results
This dialog shows the detailed logs for the operation for: idsv0018.
Status: FAILED: Global Catalog port status error.
Can anyone help?
I believe that, because of this error, I can't search AD groups in Cisco ISE.
FYI: Cisco ISE joined AD successfully.
Thanks,
Jerri
05-26-2013 08:03 PM
Duplicate posts.
05-26-2013 08:31 PM
Yes, leolaohoo is correct; this error occurs due to a duplicate port. Please check the port setting.
05-26-2013 08:34 PM
Hi Ravi,
Where should I check my port setting?
FYI,
leolaohoo said duplicate post, not duplicate port.
Thanks,
Jerri
05-27-2013 12:18 AM
Can you do an nslookup?
Was this working before, and did you start seeing the issue after you rebooted your GC?
In your DNS settings, can you see the global catalog in the Forward Lookup Zone?
Jatin Katyal
- Do rate helpful posts -
05-27-2013 12:32 AM
Hi Jatin,
Thanks for the reply.
Yes, we can do nslookup.
This problem has appeared since the first time I tried the detailed AD test from Cisco ISE.
I can't retrieve my AD groups because of this.
In which section can I see my global catalog in DNS on my Windows server?
Thanks,
Jerri
05-29-2013 07:32 PM
Is anyone having the same problem when integrating a multidomain AD with Cisco ISE?
05-27-2013 04:57 AM
Hello Jerri,
Please follow these steps:
1. Make sure that ISE can connect to the Global Catalog (by default it is the Domain Controller) on the following ports (see table below).
2. Check Windows Event Viewer > System Events on your Domain Controller and locate any errors / warnings. Note down the Event ID.
3. If there are any errors, other client computers in your AD domain are likely to experience problems locating user groups, printers, etc.
4. If the above steps are confirmed, then you need to fix .msdcs.ad-domain.xyz and the records on your primary DNS (Master Domain Controller by default).
5. To fix those records, you may refer to the following link for more guidance on how to do it. Or your Windows AD Administrator should fix it.
How DNS Support for Active Directory Works
http://technet.microsoft.com/en-us/library/cc759550
Otherwise, let me know the details of the Event IDs you notice in your Windows Event Viewer.
Service Name | UDP | TCP |
LDAP | 3268 (global catalog) | |
LDAP | 3269 (global catalog Secure Sockets Layer [SSL]) | |
LDAP | 389 | 389 |
LDAP | 636 (SSL) | |
RPC/REPL | 135 (endpoint mapper) | |
Kerberos | 88 | 88 |
DNS | 53 | 53 |
SMB over IP | 445 | 445 |
05-29-2013 02:04 AM
1. Telnet from Cisco ISE to the AD server on every port in the table connects.
2. There are no errors related to AD in the system events.
3. Users can locate printers and other objects in AD, and there is no problem with login (if there were a GC problem, I think logging in to the domain would also be a problem).
4. DNS server:
There is a _gc (SRV type) in the
.msdcs.ad-domain.xyz -> gc -> sites -> name of the sites -> _tcp
But there is no _gc file (SRV type) in the
_tcp folder of ad-domain.xyz on the DNS server.
So I made this file.
But it still can't connect to / find the GC (GC port status error) when running the detailed test in Cisco ISE.
FYI, we have multiple domains in this company.
I don't know what the problem could be, but
do you guys know how to repair the GC in AD?
05-29-2013 07:33 PM
Is anyone having the same problem when integrating a multidomain AD with Cisco ISE?
05-29-2013 07:55 PM
Is anyone having the same problem when integrating a multidomain AD with Cisco ISE?
05-30-2013 02:02 AM
It's clear that when ISE tries to find the GC using the _gc._tcp. DNS query, it doesn't find that information on the Domain controller. The GC information is missing on the DC.
_gc._tcp.DnsForestName
Allows a client to locate a Global Catalog (gc) server for this domain.
Jatin Katyal
- Do rate helpful posts -
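The lookup discussed in the last reply, as an added example that is not part of any post in this thread: it queries `_gc._tcp.<forest>` with `nslookup`, parses the SRV answers, and tests a TCP connection to each advertised Global Catalog. The sample outputs, the `dc01`/`dc02` host names and the address `10.0.0.10` are constructed, and the script assumes `nslookup` is on the PATH.

```python
import re
import socket
import subprocess

# Constructed sample of BIND-style `nslookup -type=SRV` output (not from the thread).
SAMPLE_BIND = """\
Server:\t\t10.0.0.10
Address:\t10.0.0.10#53

_gc._tcp.ad-domain.xyz\tservice = 0 100 3268 dc01.ad-domain.xyz.
_gc._tcp.ad-domain.xyz\tservice = 0 100 3268 dc02.ad-domain.xyz.
"""
# Constructed sample of Windows-style nslookup output for the same query.
SAMPLE_WINDOWS = """\
_gc._tcp.ad-domain.xyz   SRV service location:
          priority       = 0
          weight         = 100
          port           = 3268
          svr hostname   = dc01.ad-domain.xyz
"""
BIND_RE = re.compile(r"service\s*=\s*\d+\s+\d+\s+(\d+)\s+(\S+)")
WIN_RE = re.compile(r"port\s*=\s*(\d+)\s+svr hostname\s*=\s*(\S+)")

def parse_srv(output):
    """Return sorted (host, port) pairs found in either nslookup output style."""
    found = BIND_RE.findall(output) + WIN_RE.findall(output)
    return sorted({(host.rstrip(".").lower(), int(port)) for port, host in found})

def lookup_gc(forest, timeout=10):
    """Query _gc._tcp.<forest>; an empty list means no GC is registered in DNS."""
    cmd = ["nslookup", "-type=SRV", f"_gc._tcp.{forest}"]
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout).stdout
    return parse_srv(out)

def port_open(host, port, timeout=3):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_forest(forest):
    """Map each GC advertised in DNS to whether its port accepts connections."""
    return {f"{h}:{p}": port_open(h, p) for h, p in lookup_gc(forest)}
```

Call `check_forest()` with the forest root DNS name: an empty result means the SRV record is missing, while a `False` value points at a reachability problem for that server.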