Cisco Ironport370 WSA AD Integration issue

Nishit Bhosale · ‎04-16-2015

Hi,

I am trying to create Authentication realm using NTLM. I am getting following errors when trying to join domain.

Error - Computer Account creation failed.

Failure: Unable to resolve 'abc.example.COM' : Unknown hostname
Failure: Unable to resolve 'xyz.example.COM' : Unknown hostname
Failure: Unable to resolve 'ghd.example.com' : Unknown hostname

pl help to integrate AD with WSA.

Regards,

Nick

Tao Yang · ‎04-16-2015

Please run nslookup command in WSA CLI to verify if WSA can resolve the IP of those hosts.

WSA> nslookup www.google.com

A=173.194.72.106 TTL=30m

A=173.194.72.104 TTL=30m

A=173.194.72.103 TTL=30m

A=173.194.72.105 TTL=30m

A=173.194.72.147 TTL=30m

A=173.194.72.99 TTL=30m

Tao Yang · ‎04-16-2015

Please run nslookup command in WSA CLI to verify if WSA can resolve the IP of those hosts.

WSA> nslookup www.google.com

A=173.194.72.106 TTL=30m

A=173.194.72.104 TTL=30m

A=173.194.72.103 TTL=30m

A=173.194.72.105 TTL=30m

A=173.194.72.147 TTL=30m

A=173.194.72.99 TTL=30m

Nishit Bhosale · ‎04-19-2015

Hi Tao Yang,

Thanks for response. There was issue in DNS mapping for WSA host name in DNS Server.

WSA successfully joined domain controller.

I want to know whether Active director agent installation is required for single-sign on.

Ken Stieers · ‎04-19-2015

ADAgent (or now the CDA) is not required for single-sign on/transparent authentication, but it does clear up some issues you'll see with apps that don't support authentication. For example, Outlook, when there are pics in an HTML mail that have to be downloaded, won't get those pics. We have a few apps that get licensing over the web that fail.

CDA gets the auth info at login and sends it to the WSA, typically before the user tries to hit the web...