cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
489
Views
0
Helpful
1
Replies

ISE - Server Name seen in AD Logs

AndrewKirkby7500
Beginner
Beginner

When troubleshooting issues with users, specifically those where their Active Directory Account may be locked, our Windows teams will check the AD security logs. However, they see the attempted login as though it has come from the ISE devices (as expected), however, the server name that they see in their logs is not the same as the hostnames configured on the ISE devices?

As an example - they may see the entry as below for the server -

\\AAADC01-983EZXB

 Where the 'AAADC01' is an expected and recognised part of the name (only the first few characters) but the rest '-983EZXB' is unknown... Apparently the Windows logs don't record the source IP of the request, only the name sent so it's impossible to work out which of the nodes in the ISE clusters this is coming from...

Does anyone know how I can relate the above back to the real hostname/identify the source within the ISE cluster?

Andrew

1 REPLY 1

hslai
Cisco Employee
Cisco Employee

Unless the ISE nodes have long hostnames that are longer than 15 characters, I could not think of a reason for such hostname character substitutions. If the hostnames are indeed more than 15 characters, check the NetBIOS names of the computer accounts for these ISE nodes.

If that is not it, please contact Cisco TAC for further troubleshooting.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: