When troubleshooting issues with users, specifically those where their Active Directory Account may be locked, our Windows teams will check the AD security logs. However, they see the attempted login as though it has come from the ISE devices (as expected), however, the server name that they see in their logs is not the same as the hostnames configured on the ISE devices?
As an example - they may see the entry as below for the server -
\\AAADC01-983EZXB
Where the 'AAADC01' is an expected and recognised part of the name (only the first few characters) but the rest '-983EZXB' is unknown... Apparently the Windows logs don't record the source IP of the request, only the name sent so it's impossible to work out which of the nodes in the ISE clusters this is coming from...
Does anyone know how I can relate the above back to the real hostname/identify the source within the ISE cluster?
Andrew