Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6045
Views
10
Helpful
4
Replies

SRV Record Found. Not All SRV Records Have IP, Will Need To Run Additional Query For Get IP.

Go to solution
Daniel Martins
Level 1
Level 1

‎09-20-2019 07:54 AM

Hi Gang,

 

ISE has been fine and recently, this warning has occurred:

 

"SRV Record Found. Not All SRV Records Have IP, Will Need To Run Additional Query For Get IP."

 

I've checked our AD SRV records by using:

  1. NSLOOKUP > set type=all
  2. _LDAP._TCP.DC._MSDCS.domain_name.com
  3. I see 8 SRV records as expected, all up-to-date. However, the returned internet addresses seem to be truncated i.e. only 5 internet addresses are returned for the 8 SRVs? Is this what ISE is referring to? That it needs to do an additional lookup to obtain the IP addresses?

What exactly is happening here and how does one resolve this error? 

 

We are running ISE 2.4 with Patch 9. 

 

Thanks Gang!


Dan

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎09-29-2019 08:22 AM

Yes, you are correct about the DNS records. If possible, please reduce the number of records to make it more efficient.

View solution in original post

4 Replies 4

Go to solution
hslai
Cisco Employee
Cisco Employee

‎09-29-2019 08:22 AM

Yes, you are correct about the DNS records. If possible, please reduce the number of records to make it more efficient.

Go to solution
Daniel Martins
Level 1
Level 1
In response to hslai

‎09-30-2019 01:11 AM

Thanks for getting back yo me hslai!

 

Thank you for confirming this expected bevahiour.

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎09-30-2019 06:18 AM

Adding comments:

If using AD as an external ID source a good troubleshooting tool via your PAN gui can be found here: Administration->Identity Management->External ID Stores-><your respective source>

Click one of you nodes & run the Diagnostic tool

 

This can allow you to check whether or not things such as SRV records, etc. are good from ISE perspective. 

Go to solution
Romzy
Cisco Employee
Cisco Employee

‎08-11-2020 01:20 PM

You may need to check AD debugs on ISE as well to confirm the response is "ok" for SRV test.

 

DNSDiag::resQueryDomainSRVrecordsInAllNS() - Query response is ok for _ldap._tcp.dc._msdcs.Domain_Name

DNSDiag::doTest() - Completed running test DNS SRV record query

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents