cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

356
Views
0
Helpful
1
Replies
AndrewKirkby7500
Beginner

ISE - Server Name seen in AD Logs

When troubleshooting issues with users, specifically those where their Active Directory Account may be locked, our Windows teams will check the AD security logs. However, they see the attempted login as though it has come from the ISE devices (as expected), however, the server name that they see in their logs is not the same as the hostnames configured on the ISE devices?

As an example - they may see the entry as below for the server -

\\AAADC01-983EZXB

 Where the 'AAADC01' is an expected and recognised part of the name (only the first few characters) but the rest '-983EZXB' is unknown... Apparently the Windows logs don't record the source IP of the request, only the name sent so it's impossible to work out which of the nodes in the ISE clusters this is coming from...

Does anyone know how I can relate the above back to the real hostname/identify the source within the ISE cluster?

Andrew

1 REPLY 1
hslai
Cisco Employee

Unless the ISE nodes have long hostnames that are longer than 15 characters, I could not think of a reason for such hostname character substitutions. If the hostnames are indeed more than 15 characters, check the NetBIOS names of the computer accounts for these ISE nodes.

If that is not it, please contact Cisco TAC for further troubleshooting.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube