03-08-2018 02:01 AM
Hi,
I want to integrate ISE 2.3 with Windows AD 2016 to enable passiveID in the network.
Configuration of DC is OK, but when I click on on the Test button I get error message.
Do you know what can be a problem?
BR Milan
03-08-2018 02:07 AM
Try CN name instead of email address of administrator
03-08-2018 02:22 AM
I'm not using email. Administrator CN is used.
03-13-2018 08:00 AM
If there are any firewalls between ISE and DC, please ensure ISE allowed to connect to DC on any ports. See also Prerequisites for Integrating Active Directory and Cisco ISE
You may also check Active Directory Requirements to Support Easy Connect and Passive Identity services
Additionally, turn DEBUG on passiveid and watch the debug log via CLI "show logging app passiveid-wmi.log tail". Attached is a sample log file.
PS: I tried it myself and ISE worked fine with Windows Server 2016 (Updated Feb 2018) Standard with Desktop Experience.
04-17-2018 06:45 PM
I'd like to know if those changes would be done differently in a multi Domain Controllers environment.
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide