Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
10263
Views
5
Helpful
17
Replies

WSA join to AD but can´t fetch AD group information

Guido Arturo Catalano
Level 1
Level 1

‎05-02-2015 09:23 AM

Hi,

 I can join the WSA to AD, but it can´t get AD-Groups.

 The realm was created but group search found no records.

 

 Do I need another procedure to join a W2012R2 domain?

 

 AsyncOS Version: 8.5.1-021

 Windows 2012 R2

 

Checking DNS resolution of WSA hostname(s)...
Success: Resolved 'mgmt_wsa1.xxx.local' address: x.x.x.115

Checking DNS resolution of Active Directory Server(s)...
Success: Resolved 'x.x.x.11' address: x.x.x.11
Success: Resolved 'x.x.x.12' address: x.x.x.12

Checking DNS resolution of AD Server(s)' full computer name(s)...
Success: Resolved 'SRVDC1.xxx.local' address: x.x.x.11
Success: Resolved 'SRVDC2.xxx.local' address: x.x.x.12

Validating configured Active Directory Domain...
Success: Active Directory Domain Name for 'x.x.x.11' : xxx.LOCAL
Success: Active Directory Domain Name for 'x.x.x.12' : xxx.LOCAL

Attempting to get TGT...
Success: Kerberos Tickets fetched from server 'x.x.x.11' :

Success: Kerberos Tickets fetched from server 'x.x.x.12' :


Checking local WSA time and server time difference...
Success: AD Server time and WSA time difference within tolerance limit
Success: AD Server time and WSA time difference within tolerance limit

Attempting to fetch AD group information...
Failure: Exception on query to server 'x.x.x.11', port 389 failed :
Exception('Inquiry timed out: auth failed: Windows 2008R2 or later requires a User account to create a data store, not a Computer account',)
Failure: Exception on query to server 'x.x.x.12', port 389 failed :
Exception('Inquiry timed out: auth failed: Windows 2008R2 or later requires a User account to create a data store, not a Computer account',)

Test completed: Errors occurred, see details above.

 

Thanks in advance.

Guido

1 person had this problem
Labels:
0 Helpful
17 Replies 17

oddonepaolo
Level 1
Level 1

‎05-05-2015 08:14 AM

We have this identical problem too.

Any suggestions?

Thanks

 

0 Helpful

letmgkfree
Level 1
Level 1
In response to oddonepaolo

‎05-06-2015 08:55 AM

Had the same problem after joining the domain.

just enter ssh write reboot then yes.

toke less than 5 minutes.

Mohamed Khetrish

0 Helpful

Erik Kaiser
Cisco Employee
Cisco Employee
In response to letmgkfree

‎05-29-2015 01:06 PM

HI ,

 

The issue your experiencing is more then likely this bug:

 

CSCuu49739

 

Sincerely,

 

Erik Kaiser

Sincerely, Erik Kaiser WSA CSE WSA Cisco Forums Moderator
0 Helpful

igor.virgilio
Level 1
Level 1
In response to Erik Kaiser

‎07-02-2015 06:36 AM

Hi Erik,

I've been facing this bug, that also was confirm by Cisco, and was given some alternatives to solve the problem:

- Wait a new release

- Add groups manually(but didn't work)

- Or downgrade, but we are using a KVM VM so we didn't find a older version(we are using 8.6.0-025 version on Virtual WSA S000)

 

Do you suggest another alternative?

 

Thank you

 

kussriva
Level 1
Level 1

‎05-05-2015 08:43 PM

Hi,

 

Could you please try to delete the Ad Realm and add it back again? If possible test with adding only a single DC at one time to test.

 


Regards,

Kush

Cisco PDI TA

 

 

 

0 Helpful

oddonepaolo
Level 1
Level 1
In response to kussriva

‎05-06-2015 12:33 AM

Thanks Kush

We have rebooted WSA and problem is disappeared.

But it's the third time that we need to reboot it (for other reason), and when we reboot it, we must switch off and power on again.

Daniele

0 Helpful

Didier GREINER
Level 1
Level 1

‎05-19-2015 10:58 AM

I have exactly the same issue.

AsyncOS Version: 8.7.0-172

Windows 2012 R2

I have an open case for that.

Did you fix it?

0 Helpful

dimensyssrl
Level 1
Level 1
In response to Didier GREINER

‎05-20-2015 12:11 AM

Hi.

Rebooting system fix the problem.... for a while... then it reappears after some times....

It's very annoying.

Please Cisco fix this issue.

Daniele

0 Helpful

igbinosuneric
Level 1
Level 1

‎05-20-2015 01:56 AM

Hello 

Upgrade the AsyncOS Version to 8.5.2-024 or higher 

then the account details you to join the domain must be an admin account with the right privileges

that was what worked for me 

0 Helpful

Didier GREINER
Level 1
Level 1
In response to igbinosuneric

‎05-20-2015 05:39 AM

What is your Active Directory Windows version?

0 Helpful

igbinosuneric
Level 1
Level 1
In response to Didier GREINER

‎05-20-2015 05:54 AM

2012 server 

0 Helpful

Daniel.Musto
Level 1
Level 1
In response to igbinosuneric

‎07-28-2015 12:56 PM

We are currently hosting multiple clients on one physical appliance and are still experiencing this, despite upgrading to 8.5.2-027.

 

This only seems to be affecting one of the domains on the appliance, however.

0 Helpful

Massimo Baschieri
Level 3
Level 3
In response to Daniel.Musto

‎10-14-2015 08:58 AM

Someone has any news about the issue?

0 Helpful

Atazazuddin Shaikh
Cisco Employee
Cisco Employee
In response to Massimo Baschieri

‎10-14-2015 11:01 AM

Massimo

 

if you are still having this issue, Please open a TAC case so we can troubleshoot and assist you with this issue.

 

Regards,

Zack

 

0 Helpful
Top