ISE RODC working case

Qingguo Zhang · ‎09-26-2018

Hello experts

Customer would like to set up a new RODC to integrate with ISE in their DC , this is to minimize the impact for normal AD in production . As per previous discussion and documentation on ISE , RODC works only primary DC (ISE joined) is failure and having some limitation ,

https://community.cisco.com/t5/identity-services-engine-ise/cisco-ise-rodc/td-p/3450318

1. If ISE joined regular DC first in a setup with RODC , then disconnect regular DC and ISE joined to RODC, My testing on this is unsuccessful (still in troubleshooting) , what is detailed working scenario with RODC ?

2. if RODC is not working with MS-CHAPv2 , then most popular 802.1x may not be working , is it true ?

thanks

Qingguo

Timothy Abbott · ‎09-26-2018

In the community thread you mentioned, the RODC can only be used as a backup for the supported operations. If ISE does use a RODC in a site where ISE is joined to a regular DC, then it will be subject to those RODC limitations.

Regards,
Tim

Qingguo Zhang · ‎09-26-2018

Could you provide detailed steps or conditions for RODC testing?

What about 2nd question?

carrols1 · ‎06-01-2024

HI Qingguo Zhang

Could you able to resolve this issue.
If we try to bind RODC with cisco ISE. Do we have to bind RODC under external identities --> Active Directory or under LDAP. Is it possible to bind LDAP under Active Directory. I expect the reply as soon.
Thank you

Jonny Bacoz · ‎06-01-2024

I am also suffering from this problem