Cisco AAA/Identity/Nac :: Force ACS V.5 To Join Domain With Certain Controller?
Sep 5, 2012
I try to join an ACS v. 5.3 to the domain. For my acs in Location A, I can join without problems using my account. When I try to join the ACS in location B to the same domain with the same account, it doesnt work.I looked at the debug log files for the ad client, and noticed, that the ACS in location B goes to a certain Domain Controller. However, I would have expected the ACS to contact another DC, which is located on the same location as the ACS ... this doesnt happen.
My question: How does the ACS determine what DC to contact ? Is it possible to force the AC to join by connecting a certain DC ?
View 2 Replies
ADVERTISEMENT
Jan 18, 2012
l have a new ACS v 5.2 appliance and l´m trying to join to my domain, but l haven´t could, the acs shows me the Clock skew error, and l was checking some documents about it doesnt work. the acs have the same timezone and time that my domain, but the problem persist
View 7 Replies
View Related
Sep 12, 2011
Within ACS 5.2, does any know of a way to see which specific domain controller a request is sent to?
View 1 Replies
View Related
Feb 28, 2010
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers?Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.I've read now serveral posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
View 5 Replies
View Related
Feb 14, 2013
On our ASA5510 in the area AAA Server Groups, there is an entry for LDAP and an object that refers to our 2003 Domain Controller. This DC has LDAP over SSL enabled and I can see the DN and Password for a domain user account.I've created two new DC's, both R2 2008 but when I enable these in the same way it says it could not authenticate, ERROR auth server not responding, AAA group removed.I thought this had something to do with CA being installed on a DC, but it's not running as a service on the DC that was already referred to.
View 2 Replies
View Related
Feb 3, 2011
I'm having issues joining a remote PC to the corporate domain. The VPN we're using is SonicWall.Here's what the error is: Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the fileC:Windowsdebugdcdiag.txt.The domain name "creatormail" might be a NetBIOS domain nameIf this is the case, verify that the domain name is properly registered with WINS.If you are certain that the name is not a NetBIOS domain name, then the following informationubleshoot your DNS configuration.The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "creatormail":[CODE]
View 3 Replies
View Related
Jan 18, 2013
I have set up a Small business server environment for a client. One server in the network, it provides both DHCP, and DNS. Joined all of the XP machine to domain no worries. Tried to join the 7 machine and I get a "DNS couldn't be resolved" error. I know DNS is functioning properly on my server.
View 1 Replies
View Related
Jun 30, 2012
Cannot join Domain with Windows 7 home premium.
View 2 Replies
View Related
Jul 9, 2011
I have an HP Pavilion notebook that was given to me by a friend who had upgraded to a new computer. Due to the fact that she no longer remembered the password to the computer I did a clean install of Windows Vista Home Premium to gain access to the computer. Unfortunately, while the computer seems to be running perfectly, when I attempt to find network connections my computer not only can't find wireless connections, but it doesn't even allow the option of manually creating a wireless connection under my Internet options.My computer has a built in NVIDIA nforce Network controller listed under my network adapters and when I check its status it states that it is working properly, yet it doesn't detect any wireless networks. In addition to this, I've read online that the wireless indicator light on my computer should switch from orange to blue when turned on, but even with my wireless switched on the light remains orange.I've also clicked the update drivers option on the NVIDIA network controller, but it states that the drivers are current and changes nothing.
View 14 Replies
View Related
May 20, 2013
i converted the C1310 to LAP using upgrade tool. but the AP is not able to join the controller i was not able to view SHA Key in upgrade tool, so i ran the "debug pm pki enable " on the controler to get it. i'm still not able to view SHA key.
here is the output of debug command
*spamApTask0: May 21 15:07:43.527: 88:43:e1:d1:fc:9e Received LWAPP JOIN REQUEST from AP 88:43:e1:d1:fc:9e to cc:ef:48:b3:23:ef on port '13'
*spamApTask0: May 21 15:07:43.549: sshpmGetIssuerHandles: locking ca cert table
[Code].....
View 3 Replies
View Related
Sep 12, 2012
i'am trying to configure an AP1121g on my controller wlc5508 7.2 but i'am facing a compatibility issue.
View 5 Replies
View Related
Oct 18, 2012
Network environment: (well configured and working fine)
2 AIR-WLC2106-K9 - Software Version 7.0.235.0
2 AIR-WLC2112-K9 - Software Version 7.0.235.0
10 AIR-LAP1252AG-T-K9 - Software Version 7.0.235.0
10 AIR-LAP1131AG-A-K9 - Software Version 7.0.235.0
I am adding a Cisco AP c3502-I-K9 to network.
It does not join any of the controllers.
Led is cycling through green, red, and off - that means "discovery/join process in progress" - never ends.
As wireless network is doing fine, I had only added to dhcp server dhcpd-subnet.conf file the above configuration:
class "Cisco AP c3500" {
match if option vendor-class-identifier = "Cisco AP c3500";
option vendor-class-identifier "Cisco AP c3500";
[Code].....
View 13 Replies
View Related
Oct 15, 2012
When we were installing some new APs, were plugged in to ports that were not configured on the WLC management VLAN.
This is the illustration
WLC management VLAN is VLAN 80 Management VLAN of infrastructure (Switches routers) is VLAN 10
The APs were plugged in to VLAN 10 and they were not able to associate themselves with the controllers.
Through research, those APs were getting a wrong IP address,
I did the Mode button, pressed for 30 secs, but this did not fix the problem, i thought it was going to clean the flash and bring the AP back to factory default I do not believe this happened.
We also added the cisco-capwap-controller.localdomain to our DNS servers, and then I rebotted the APs and still no luck.
What fixed the issue is we had to go to the DHCP server, release the IP addresses and we found those based on the macs of the APs. What is we do not have the mac addresses?
Now that I have the DNS entry created, if I plug in an AP on the wrong VLAN port will I be able to see it?
View 3 Replies
View Related
Jan 21, 2012
I am trying to get one AP to join the 2106 controller, it did join once then never again!! Now all I get is:
*Jan 22 11:16:22.088: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
[Code]....
View 31 Replies
View Related
Nov 7, 2012
I’m having a problem of joining new Aps( Ari-ap1242G-E-k9 ) to the following wireless LAN controller. WLC details as follows,
Model No - AIR-CT5508-K9
Software Version - 7.0.116.0
AP Model - ARI-AP1242G-E-K9
AP console logs attached in Error.jpg file
View 5 Replies
View Related
Aug 6, 2012
When I check the AP join statistics I see the following: Reason For Last Unsuccessful Attempt RADIUS authorization is pending for the AP, I don't run a radius server and don't know how to get around this so that the device can join.
View 4 Replies
View Related
Oct 16, 2012
This is a new setup and has not worked yet. I have multiple 3602 APs and one 2504 Controller. I thought initially I could plug-in an AP into one of two POE Ports on the 2504. During debug mode I see that it has low power, was suprised that the 2504 switch can't fully power the AP? Is this correct?Anyways I have another POE switch that I am using with ample power. The configuration for my wireless is that it will be completely segmented off of my internal network as this is for guest access. So DNS servers are external so I cannot create host entries for the AP to discover the controller. With that being said I believe that is just one way for the discovery process to happen. I have my controller management interface and DHCP scope on the controller on the same subnet plugged into the same POE switch. The AP does seem to get a DHCP address and I can ping the controller from the AP. I cannot get any further then that. I will not join the controller and the radios get disabled. I get messages such as "discovery response from MWAR is rejected. I will post a debug log of the AP and its bootup process. This is new equipment so I would assume the firmware is somewhat up-to-date and the 3602 AP is somewhat the latest model.
View 3 Replies
View Related
Apr 11, 2012
1) AP was originally running a standalone image. I booted it into a so-called ROMMON or AP mode (ESC is the right key to make it boot into this mode).
I found a recovery image in its flash - c1140-rcvk9w8-mx. I made the AP boot from it by using "set" command and I see that it start booting using this recovery image. Here goes the question. Do all AP settings matter ? E.g. when I run "set" command from AP I see the following:
ap: set
?=
DEFAULT_ROUTER=10.0.0.1
Default_router=10.9.99.1
ENABLE_BREAK=yes
[Code].....
View 27 Replies
View Related
May 7, 2012
my access point 1230 fail to join the controller. The image is C1200-k9w7-mx.123-8.JA2. I tried to reboot it but it does not join to controller. How do I initiate the discovery process again to make this AP to join? Should I convert it back to autonomous AP and then LWAPP process again? I can ping the AP from the controller and the AP is in the same VLAN with controller.
View 3 Replies
View Related
Jan 4, 2012
Iam having trouble to conect my 1121-AG AP`s to my 4404 WLC.
My WLC version is 7.0.116.0.
I can see he AP is getting an IP address from the controller(internal DHCP). But from some reason they can`t connect to the WLC. I have tried many things such as:
1)reset to default settings
2) move the AP to Autonumos mode and back to LWAPP mode -- didnt work.
1 of my AP 1121AG is working properly.
View 11 Replies
View Related
Oct 4, 2010
I try to configure an AP1131 as OfficeExtend but unfortunately I receive the following message from the debug command on the WLC5508: (Cisco Controller)
*spamApTask4: Oct 04 17:19:18.043: 00:1b:90:74:37:e0 Discovery Request from XX.XX.XX.XX:14847
*spamApTask4: Oct 04 17:19:18.043: 00:1b:90:74:37:e0 Join Priority Processing status =
[Code].....
View 5 Replies
View Related
Mar 10, 2012
we have WLC 4400, we have 40 APs with model no. AIR-LAP1131AG-N-K9 but we recenlty got an AP with model no. AIR-LAP1131AG-E-K9 which is unable to join WLC.
View 3 Replies
View Related
Feb 27, 2013
we are running 5500-series WLC and AIR-LAP1131 and AIR-CAP3502 APs. Now we are trying to have new 1600-series AP's working with 5500WLCs. How to get this combo working.
WLC is running 7.4.100 sw version, and AP will join to controller but it won´t work.[code] I can´t find any kinf off document about invalid event 10 & state 5 combination erros message.
View 25 Replies
View Related
Apr 1, 2012
I'm trying to use 1142 APs with a 2504 Wireless Controller through a D-Link 48PT GBIT XSTACK SWITCH (DLI-DGS-3120-48PC/SI).At any rate, the 1142 AP joins with the wireless controller ONLY when I attach it directly to the controller. When connected directly to the controller the AP functions normally and all is well. When I attach it through the D-Link switch, the AP flashs green several times, indicating that it can't find the controller. I suspect that there's some setting on the D-Link switch that's preventing the AP from seeing the controller.
View 6 Replies
View Related
Nov 29, 2012
I am not able to join 1042 wireless AP with 2106 controller, even i mention that controller ip is 192.168.200.5 it try to join with controller on 192.168.200.6 ip address always. following are the error logs i can see on console.
*Nov 30 19:50:20.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.200.6 peer_port: 5246
*Nov 30 19:50:20.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Nov 30 19:50:21.435: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.200.6 peer_port: 5246
*Nov 30 19:50:21.436: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.200.6
*Nov 30 19:50:21.436: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
[code]....
View 4 Replies
View Related
Jun 7, 2012
We have two controllers 7510 with the same config (SSID, Mobility Groups, etc)... All APs now was joined in wlc01... If we try to one o more APs join to another controller.. it's is not possible and debug show this . [code]
View 1 Replies
View Related
Oct 14, 2012
i have configured cisco LAP1240 in H-Reap Mode for multiple branch offices with Local switching and central authentication. one of the branch's AP does not join the controller in HQ while the others are all ok. i have firewall only in HQ, i did priming first for all APs like let them join the controller and configure controller IP in high availbility, and H-Reap config and assign SSID to map with the branch local vlan. when i faced this issue first time i brought back ap and configure a static IP address for AP than recheck them again but the problem still same. since i have only one firewall in the network and also other branches joined the controller through that firewall and no issues.
View 3 Replies
View Related
Feb 16, 2012
We relocated several servers to our DMZ and, without a domain controller in the DMZ (we plan to put a RODC in the DMZ later when we mvoe to Windows Server 2008), i punch through the standard recommended TCP ports. ports 88,135, 389, 53, etc.) to the internal network located DC. I am double hopping to the DC (I hope thast doesn't matter) as the DMZ located web server communicates to another IP address in the same DMZ network and then I NAT that address to the internal IP address of the DC. Everything seems to be working for the servers we moved to the DMZ but i think i don't have all the necessary TCP/UDP ports punched through because we have found that logging into the DMZ servers is taking an extended amount of time, sitting on the “applying settings” screen. For 2-34 minutes. Also, we noticed that our applciations fols have to now add the fully qualified domain names when making calls to servers that just needed the domain name. When i open the access-list up completely without opening specific TCP/UDP ports, the issue is resolved.
View 4 Replies
View Related
Nov 18, 2012
In my office we are using two networks , one is 16.x.x.x and another on is 15.x.x.x . 16.x.x.x having the domain controller. 15.x.x.x is only connected with Workgroup. my question is it possible to add 15.x.x.x network system into 16.x.x.x network . I tried to add but it gave error message "Domain Controller can not be contacted". Generally we cant add it into the domain i know that. is there anyway to connect the 15.x.x.x systems into 16.x.x.x domain using router in the network.
View 1 Replies
View Related
Jun 19, 2011
Type: Error
EventID: 1054
Description: Windows cannot obtain the domain controller name for your computer network. The specified domain either does not exist or could not be contacted. Group Policy processing aborted.
Dad's work laptop (XP) will no longer connect to any wifi at all. I removed the Intel PRO/set wireless utility so it would default to windows, enabled the Wireless Zero Config. It will acknowledge the network, attempt to get an IP address from the network for 1 minute, then it rotates down to the next network SSID in queue (I have 3 SSID's in our house). When it reaches the end, it just goes back to the "Windows is not connected to any wireless networks" message.
View 2 Replies
View Related
Mar 1, 2011
In 2004 I had a small home network of an NT4 domain controller with a 98 client and an XP client and an NT4 workstation laptop.ll was fine with the NT4 server providing a central store and print queue for a networked laser.Over time the laptop has been replaced with a Win7 (which will access the files but really doesn't the NT4 domain.) The Win98 has died and now finally the NT4 sever has gone too.I intend to revert now to a workgroup type set-up and forget about domains (I don't need it really) My problem is if I remove my XP machine from the domain I loose all the program menu, shortcuts desktop etc. which are stored under the domain user name login.Can I retrieve these or at least look at them so I can set up the local XP administrator account with all my familiar stuff.
View 3 Replies
View Related
Jul 5, 2012
I hav windows server 2003 w/ 3 clients on my home network.2 of these machines link w/ server when i formatted & try to link 3rd machine it says "A domain controller for the domain fits.local could not be contacted" this problem I have 2003 server + isa server 2004 + exchange server 2003 installed in one core i3 machine..........
View 9 Replies
View Related
Feb 10, 2011
I am having trouble adding a computer to the Domain Controller. I have a cable modem running into a di-524 router. The router has DHCP and DNS relay disabled. I set the LAN IP Address of the router to 192.168.2.1. The router is connected to a switch with 10 pc's and a server running 2003. The server has an IP Address of 192.168.2.2. I setup a DHCP server inside 2003 with a scope of 192.168.2.100-192.168.2.199. Under scope options the router is set to 192.168.2.1 and DNS Servers is set to 192.168.2.2 (the ip address of the domain controller). When I try to add the computer it cannot contact the domain controller. Is there something wrong with my DHCP config or DNS?
View 3 Replies
View Related
