Solved: ISE 2.1 + Secondary Node

Matteo Abrile · ‎02-28-2017

Hello,

I add to deploy additonal node and it sync fine with primary, Now on WLC I add as radius server also IP secondary node.
Now sometime when I doing BYOD onboarding and request sent to secondary node, I receive back invalid user/pass, to authenticate username I use my AD in external identity. If I disable in WLC secondary node every things work fine again.
Seems that secondary node can't speak with AD to process authentication.

Can you have some idea ? thanks

M.

Rahul Govindan · ‎02-28-2017

If you go to the External Identity Source page, do you see the secondary node as joined to the Active directory? If not, you can try running the inbuilt diagnostic tool to troubleshoot why the secondary PSN is not talking to the AD correctly.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html#task_013E23768CF044F08C0DAF93902F5D0D

View solution in original post

Rahul Govindan · ‎02-28-2017

If you go to the External Identity Source page, do you see the secondary node as joined to the Active directory? If not, you can try running the inbuilt diagnostic tool to troubleshoot why the secondary PSN is not talking to the AD correctly.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html#task_013E23768CF044F08C0DAF93902F5D0D

Matteo Abrile · ‎03-01-2017

Hello,

it's work now, thanks very much.

M.