About dgaikwad

dgaikwad · 01-17-2023

Hi Experts,Running ISE 2.7 patch 7.The following notification was recieved that the feed services certfiicate will expired in another 7 days time. How is this certificate renewed or is this certificate even required.The downloads section list that t...

dgaikwad · 12-15-2022

Hi Experts,We are in the process of joining a crashed back to AD.Issue:AD user has certain rights removed due to security concerns.It was later determined that this user will need to have domain admin rights to be able to join AD.AD team has a concer...

dgaikwad · 12-07-2022

Hi Experts,The remote logging targets has been configured and required logging categories are assigned to this remote logging target.For which ISE node is the syslog port needs to be opened on firewall? Its going to be port UDP/514 for MnT or PAN?Sin...

dgaikwad · 10-06-2022

Hi Experts,Issue:ISE nodes in deployment are in .com domain while AD integration has been done with .net domain.Now, there is this one node that was re-imaged is no long able to join AD domain again.The logs are throwing the following errors: 40022, ...

dgaikwad · 09-22-2022

Hi Experts,Going to perform a backup and restore method upgrade.To perform this its planned to use only the DR and run it for a few days to sort out issues.But then question is that then, how would one manage the licenses?What if secondary PAN is de-...

dgaikwad · 01-17-2023

The issue has been resolved and confirmed that domain rights are needed to join AD.The domain rights are only utilised during the creation of the machine account in AD, post that domain rights are not needed.

dgaikwad · 12-15-2022

Thanks for the info.I was going through the document, and the document does talk about mandatory domain rights: Thus there is this concern if the LSA is being utilised to make changes to the AD domain.

dgaikwad · 12-15-2022

Yes, this configuration makes sense, the ports document shows the same.As per design all the nodes are sending syslog individually to MnT nodes, thus if the same copy us to be sent to external remote logging target then the ports for all the nodes ar...

dgaikwad · 10-07-2022

@Aref Alsouqi Was able to capture the following output of the commands: <Node_with_Issue># nslookup _ldap._tcp.gc._msdcs.<ISE_node_domain> querytype SRVTrying "_ldap._tcp.gc._msdcs.<ISE_node_domain>"Received 119 bytes from <DNS_Server>#53 in 1 msTryi...

dgaikwad · 10-06-2022

Yes, the AD object has been removed, but still the errors persists.While I did try to do a nslookup from .net domain, was able to resolve the DNS and AD servers fine.

Member Since	‎09-14-2016 02:06 AM
Date Last Visited	‎06-09-2023 03:47 AM
Posts	389
Total Helpful Votes Received	86

User Statistics

User Activity

Feed services certificate expiring

Join ISE to AD domain

Remote logging targets and ISE

Nodes and external AD are in different domain

Backup and restore upgrade

Re: Join ISE to AD domain

Re: Join ISE to AD domain

Re: Remote logging targets and ISE

Re: Nodes and external AD are in different domain

Re: Nodes and external AD are in different domain