10-03-2012 12:17 PM - edited 03-10-2019 07:37 PM
So we have multiple ISE Servers with differing personas. I was having an issue with our new ISE setup not identifying AD Group Attributes when using them in Authorization rules.
We have 2- 3395 appliances running Admin and Monitoring/Troubleshooting Personas and 2- 3395 appliances running as Policy server personas. We are running v1.1.1.268 with the latest two patches.
I was unable to pull Active Directory Group Attributes in any of my Authorization rules. After resyncing all the boxes with the Primary Administration box I was able to do this. There are no bug listings for this occurrence, nor do we have Smartnet to call support for other reasons. I thought this might be useful to someone who is having the same issue and is unable to figure it out with TAC.
-CC
10-03-2012 02:01 PM
Chris,
Under the deployment tab, were all the nodes in sync? What did you do in order to resync, just apply the sync-up (don't know the exact syntax) to force replication?
Thanks,
Tarik Admani
*Please rate helpful posts*
10-03-2012 05:04 PM
Absolutely. All units said in-sync after setting their personas.
Here is our layout:
ISE-ADM-01 Admin-Primary, Monitoring-Secondary
ISE-ADM-02 Admin-Secondary, Monitoring-Primary
ISE-PDP-01 Policy Only
ISE-PDP-02 Policy Only
I synced one at a time starting with ADM-02. After completing the other two boxes, Active Directory Attribs were pulled down when using them in the Ext Group within my Authz rules.
-CC
10-05-2012 10:47 AM
I have identified what causes this to happen.
This only happens if your setup has PDP servers not a part of your Admin and Troubleshooting boxes and you change the You must resync the PDP boxes to update the information; it must not be updating automatically.
Hope this helps someone else. I cannot create a bug ID for this.
-CC