Hi, we're in the process of decommissioning some domain controllers and I've noticed that our new ISE nodes are contacting these DCs over LDAP port 389... Now this is odd because LDAP is not configured on the nodes as we use Azure AD to authenticate to ...
Hello again. After my patching ordeal I'm now looking at configured SSO for admins. I have followed these guides; I still can't log into our ISE nodes, I get an error saying access denied. https://www.cisco.com/c/en/us/support/docs/security/identity-service...
Hi, we are trying to patch our ISE nodes with patch number 3: ise-patchbundle-3.2.0.542-Patch3-23071904.SPA.x86_64.tar.gz. We have a 2-node environment. I logged onto the primary node; administration; selected maintenance patch management; selected the patch a...
Hi, I'm trying to understand and figure out why our new ISE node is not authenticating devices. The scenario is this... We have an on-prem node which is v2.7; this node is to be decommissioned. Deployed a new node in Azure which is v3.2. Exported the config ...
Hi, I'm preparing to upgrade our single ISE node from v2.6 -> 2.7 then to 3.2. I've come across the URT tool but there's a couple of warnings in the guide and I'd like to confirm if it's safe to run this tool. The warnings are: Do not run the URT on the Primary P...
@JonasNobs wrote: looking at your first printscreen it looks like there is AD integration for the "external identity source". If I'm not mistaken what happens there is - besides other protocols - also LDAP on tcp/389. When selecting the object within the...
I stand corrected... I found the CRL Distribution Point URL in our Company Root CA. As you said above... Very important. If your PKI has a hierarchy of:
Root CA
--> Intermediate CA
---> Issuing CA
then don't set a CRL download for the Root or I...
@Arne Bier wrote: If you look at one example client cert, the http URL of the CRL might be published there... If it's not there, then ask your CA admins what the http location is for the CRL. I've had a look at my local comp cert and there's no CRL detai...
So we don't have anything configured for the CRL in our SCEPman cert (Intune-built machines). When I look at the authentication details for a device, the only mention of CRL is the following: 12571 ISE will continue to CRL verification if it is configured...
@Arne Bier wrote: Hi @TedB123 The LDAP attempts are probably coming from your PSNs that are performing a CRL download. Have you configured CRL downloads? If you don't configure a static URL in ISE, then ISE will look in the CDP (CRL Distribution Poin...