Folks,

We are running two domain controllers within our environment and we have set up an ACS with version 4.0 for user authentication. Assume that one domain is named A.com (Windows 2003 server) and another B.com (Windows 2008 server). ACS is now a member of domain A.com and these 2 domains are configured to trust each other.

We have no issue enumerating Windows groups on domain A.com. Unfortunately, when we attempt to enumerate Windows groups on domain B.com, we receive an error indicating "failed to enumerate windows groups. if you are using active directory consult installation guide for information".

I did capture traffic between ACS and domain B.com and figured out that a status_Access_denied error took place when ACS attempted to authenticate to domain B.com through the SAMR protocol.

Is there anything we can do to resolve this issue? Your suggestions will be most appreciated.

Thank you!
Make sure that the remote domain name (B.com) you specified in the database group mapping screen is the NETBIOS name, not the AD domain name. If you enter "cisco.com" as the domain name, it will fail.
If this is already OK, then you have a permissions issue. The ACS services (running on the A.com member server) must be running as a user that can read all user/group properties on the target domain. Normally this user should be a part of the Domain Admin group.
In the link listed below, please focus on Step 2, Add CISCO workstation.