problem with ISE2.3 and AD 2016 WMI integration

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2018 02:01 AM
Hi,
I want to integrate ISE 2.3 with Windows AD 2016 to enable passiveID in the network.
Configuration of DC is OK, but when I click on on the Test button I get error message.
Do you know what can be a problem?
BR Milan
- Labels:
-
Identity Services Engine (ISE)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2018 02:07 AM
Try CN name instead of email address of administrator

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2018 02:22 AM
I'm not using email. Administrator CN is used.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2018 08:00 AM
If there are any firewalls between ISE and DC, please ensure ISE allowed to connect to DC on any ports. See also Prerequisites for Integrating Active Directory and Cisco ISE
You may also check Active Directory Requirements to Support Easy Connect and Passive Identity services
Additionally, turn DEBUG on passiveid and watch the debug log via CLI "show logging app passiveid-wmi.log tail". Attached is a sample log file.
PS: I tried it myself and ISE worked fine with Windows Server 2016 (Updated Feb 2018) Standard with Desktop Experience.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-17-2018 06:45 PM
I'd like to know if those changes would be done differently in a multi Domain Controllers environment.
Thanks!
