Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1055
Views
0
Helpful
1
Replies

ISE - Server Name seen in AD Logs

AndrewKirkby7500
Level 1
Level 1

‎04-19-2022 12:42 PM

When troubleshooting issues with users, specifically those where their Active Directory Account may be locked, our Windows teams will check the AD security logs. However, they see the attempted login as though it has come from the ISE devices (as expected), however, the server name that they see in their logs is not the same as the hostnames configured on the ISE devices?

As an example - they may see the entry as below for the server -

\\AAADC01-983EZXB

 Where the 'AAADC01' is an expected and recognised part of the name (only the first few characters) but the rest '-983EZXB' is unknown... Apparently the Windows logs don't record the source IP of the request, only the name sent so it's impossible to work out which of the nodes in the ISE clusters this is coming from...

Does anyone know how I can relate the above back to the real hostname/identify the source within the ISE cluster?

Andrew

0 Helpful
1 Reply 1

hslai
Cisco Employee
Cisco Employee

‎04-20-2022 07:38 PM

Unless the ISE nodes have long hostnames that are longer than 15 characters, I could not think of a reason for such hostname character substitutions. If the hostnames are indeed more than 15 characters, check the NetBIOS names of the computer accounts for these ISE nodes.

If that is not it, please contact Cisco TAC for further troubleshooting.

0 Helpful
Customers Also Viewed These Support Documents