We're trying to join a test ACS to our current domain.
When trying, we get a weird "cannot resolve domain" error.
When looking at debug, we get
Jan 18 2010 14:28:32 CisACS_33207 66 1 1 BL AD Operation warning , ADOperationResult=unable to create secured connection against AD server, switching to non-secured connection. javax.naming.CommunicationException: simple bind failed: domain01.domain.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake], DomainName=domain.local, AdminName=admin-user, AdminSession=D3F9E8998F70F80EEEF763DFAB6C412B, AdminInterf
Looks like when the ACS 5.1 API requests the ticket for the admin user, we're getting the following error back: "KRB5KDC_ERR_ETYPE_NOSUPP". Doing a quick Google search shows that the error has to do with the encryption type not being supported on that server. Also, make sure that we are not running Windows 7; that could be an issue.
ACS 5.1 has to be configured with a valid NTP server for time synchronization, preferably from where the domain controller is syncing its time. Another one is a valid DNS server which can resolve internal names.
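The debug line and the Kerberos error discussed above can be triaged mechanically. The following is an added example, not part of the original thread and not Cisco tooling: it parses the quoted line and tags the failure modes named in the thread. The field layout is inferred from that single line, and the function name `triage` and the tag names are hypothetical.

```python
import re
from datetime import datetime

# The debug line quoted in the thread, rejoined onto one line. It is cut off
# after "AdminInterf" on the page, so it stays cut off here.
SAMPLE = (
    "Jan 18 2010 14:28:32 CisACS_33207 66 1 1 BL AD Operation warning , "
    "ADOperationResult=unable to create secured connection against AD server, "
    "switching to non-secured connection. javax.naming.CommunicationException: "
    "simple bind failed: domain01.domain.local:636 [Root exception is "
    "javax.net.ssl.SSLHandshakeException: Remote host closed connection during "
    "handshake], DomainName=domain.local, AdminName=admin-user, "
    "AdminSession=D3F9E8998F70F80EEEF763DFAB6C412B, AdminInterf"
)

TS = re.compile(r"^(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) ")
FIELD = re.compile(r", (DomainName|AdminName)=([^,]+)")
ENDPOINT = re.compile(r"simple bind failed: ([\w.-]+):(\d+)")
EXC = re.compile(r"\b(javax?\.[\w.]+Exception)\b")

def triage(line):
    """Pull the fields out of one ACS AD-operation debug line and tag what failed."""
    ts, ep = TS.match(line), ENDPOINT.search(line)
    excs = EXC.findall(line)  # exception chain, outermost first
    tags = []
    # ACS reports that it gave up on the secured connection.
    if "switching to non-secured connection" in line:
        tags.append("FALLBACK_NON_SECURED")
    # TLS handshake to the LDAPS port (636) was closed by the remote host.
    if ep and ep.group(2) == "636" and any(e.endswith("SSLHandshakeException") for e in excs):
        tags.append("LDAPS_HANDSHAKE_FAILED")
    # Error named in the reply: encryption type not supported by the server.
    if "KRB5KDC_ERR_ETYPE_NOSUPP" in line:
        tags.append("KERBEROS_ETYPE_UNSUPPORTED")
    return {
        "time": datetime.strptime(ts.group(1), "%b %d %Y %H:%M:%S").isoformat() if ts else None,
        "server": ep.group(1) if ep else None,
        "port": int(ep.group(2)) if ep else None,
        "exceptions": excs,
        "tags": tags,
        **dict(FIELD.findall(line)),  # DomainName / AdminName when present
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A line tagged FALLBACK_NON_SECURED is worth alerting on separately from the join failure itself, since it records that the secured connection to the domain controller was abandoned.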