We are moving from a Novell to a Microsoft AD environment. The Domain controllers are running 2008. Running ACS 4.2 on a ACS SE appliance. So, we need to have a Windows remote agent. We have the unknown user policy active and we have some group mappings that will map our AD groups to ACS groups. When we create those mappings, we can see all of the groups in our Doamin, so we know that the Windows remote agent is working and ACS can see the domain. However, when we try to authenticate, it fails and ACS reports the error External DB not operational. Well, I know its operational because when I configure a group mapping, it sees the AD groups.
Any help is appreciated.