cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1376
Views
5
Helpful
4
Replies

ISE In AWS Active Directory Diagnostic Tool test

pinglis
Level 7
Level 7

I have just added a our first AWS instance to you our ISE Deployment and when I join it to the Active Directory domain the following tests are failing/showing a warning:

Failed AD Diagnostic Tests.png

The same tests on the physical appliances work.

On the AWS node an nslookup for _ldap._tcp.dc._msdcs for the SRV records for domain is working.

 

Any ideas?

1 Accepted Solution

Accepted Solutions

pinglis
Level 7
Level 7

The problem appears to be with the AWS based DNS server. Switching to on premise DNS servers resolves the issue. 

I m getting our DNS team to check the differences.

View solution in original post

4 Replies 4

thomas
Cisco Employee
Cisco Employee

The physical appliances are not in AWS.

Security Groups?

Network ACLs?

VPN firewall?

Other firewall?

See Cisco ISE Administration Node Ports

pinglis
Level 7
Level 7

There may be some firewall rules/ACLs but I am unclear which DNS server the ISE node is using for the tests As I said nslookup from node cli itself seems to be working but I know this DNS server is a layer below the application itself. Could the ISE application be picking up a different DNS server?

It should be using whichever DNS servers you have configured when you provisioned it.

You will need to SSH with your AWS private key to see the DNS server configuration with a `show run`.

pinglis
Level 7
Level 7

The problem appears to be with the AWS based DNS server. Switching to on premise DNS servers resolves the issue. 

I m getting our DNS team to check the differences.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: