Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2580
Views
0
Helpful
5
Replies

ISE is unable to retrieve groups and attributes

steelinquisitor
Level 1
Level 1

‎06-19-2013 12:10 PM - edited ‎02-21-2020 04:54 AM

Hello guys,

I have Cisco ISE installed on EXSi in a lab. I was able to join the ISE server to my test Active Directory server, and under the OU=Computers, I can see my ISE hostname.

However, when I go to Administrator > External Identity Sources > Active Directory > Groups > Add > Select Group from Directory:

I have my domain entered in Domain box and an * for filter. When I clicked the "Retrieve Groups" button, I always received "Number of Groups Retrieved: 0 (Limit is 100)"

It seem like ISE is unable to retrieve the groups that I have on my AD. I checked the status of my ISE server and it says that it is still connected to the domain. When I search for attributes, it keep saying that the user is not found.

I disabled my AD's firewall and still getting the same results. I ran the detailed test connection, and it was a success and the port connections are all good. At this point, I am pretty much stuck.

Any help would be greatly appreciated.

Thanks

0 Helpful
5 Replies 5

Jatin Katyal
Cisco Employee
Cisco Employee

‎06-20-2013 02:22 AM

Couple of questions:

What version of ISE are you running, along with patch?

In the domain box, are you using the remote domain or local domain?

Jatin Katyal
- Do rate helpful posts -

~Jatin
0 Helpful

steelinquisitor
Level 1
Level 1
In response to Jatin Katyal

‎06-20-2013 06:26 AM

Hello Jatin,

Thanks for the reply.  I have ISE v1.1.1. I think I have fixed it. It was the DNS issue.  I added the ISE server to my AD/DNS and rebooted the ISE server. After it rebooted, I tried to retrieve the groups and attributes, and it worked.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to steelinquisitor

‎06-20-2013 06:32 AM

Good to know. Thanks for keep the thread updated.

Jatin Katyal
- Do rate helpful posts -

~Jatin
0 Helpful

steelinquisitor
Level 1
Level 1
In response to Jatin Katyal

‎06-20-2013 07:21 AM

Thanks again.  Hope this post help others with the same issue.

0 Helpful

steelinquisitor
Level 1
Level 1
In response to Jatin Katyal

‎06-20-2013 12:57 PM

I am sorry Jatin. I have another question.  I am working on Motorola RFS7000 WLC and Cisco ISE v1.1.1.

I am not sure if I should create a new thread about the new issue I am having now.  I have successfully added my RFS controller and one AP7131 to ISE Network Devices. And I am able to login to these devices using my AD account. However, it is not allowing me to manage these devices.  I believe I am at exec mode. I SSH to my RFS and I can't even get to enable mode.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card