Cisco Support Community

ACS 5.4 AD search very slow

Hi All,

Just started installation of ACS 5.4 & integrated it with AD.

My AD tree is very big & DL search from ACS 5.4 takes a long time, sometimes 5-8 mins for one DL, or sometimes it times out.

Is there any way we can optimise AD search using internal settings in ACS 5.4 or using some external AD agents?

Yoges

4 REPLIES
Cisco Employee

This was bug CSCub46074 in ACS 5.3: response is very slow with a large number of identity groups. It may be a bug in 5.4 also. I am working on your query and will get back to you.

New Member

We opened a TAC case and found that the ACS will register with the AD which is responding the fastest, but it may not register with the specified server (you can see the hostname in the GUI after AD registration); the AD was responding very slowly for DL search. With root access the server IP address was changed and the DL search took less than a second. There is no issue with the ACS 5.4.

Cisco Employee

Hello Yoges,

FYI,

Just to add to Ravi’s post, probably this could be a reason.

While trying to join ACS to the AD domain, ACS and AD must be time-synchronized. Time in ACS is set according to the Network Time Protocol (NTP) server. Both AD and ACS should be synchronized by the same NTP server. If time is not synchronized when you join ACS to the AD domain, ACS displays a clock skew error. Using the command line interface on your appliance, you must configure the NTP client to work with the same NTP server that the AD domain is synchronized with.

New Member

Hi Munir,

AD tree is very big. There are no errors while joining the AD. Able to test and join the AD. No issues with NTP sync. After clicking on the Select button in Directory Group, it takes more than 3 to 4 minutes for the DL results to load or it times out, and when we filter for a specific DL it takes more than 7 to 8 minutes for results to appear or it times out again. Most of the time it times out. We have tested this with different name server IPs as well.
