Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISE 1.2 patch 4 not retrieving groups

Since the update to ISE 1.2 patch 4 it isn't possible anymore to retrieve groups or attributes from the active directory. It keeps loading.

Anyone else experiencing this issue?           

Regards,

Mathieu

Everyone's tags (4)
7 REPLIES
Cisco Employee

ISE 1.2 patch 4 not retrieving groups

Hi Jeroen,

This is the only defect CSCuj95908 that is addressed in ISE 1.2 patch 4 from AD component. Is the patch successfully installed on the ISE node.

If possible can you try retrieving the groups & attributes by removing the Patch 4.

On my ISE node I am able to successfully retrieve the groups & attributes with ISE 1.2 patch 4.

New Member

ISE 1.2 patch 4 not retrieving groups

Ok, that bug will probably be resolved soon.

I couldn't find the open caveats in the release notes

Cisco Employee

ISE 1.2 patch 4 not retrieving groups

The issue you are referring to is documented in the following CDETS:

CSCul84544: Retrieval of AD groups or attributes is failing

This is not yet resolved. May be resolved in a future patch

The workaround given in the CDETS is

Fix the DNS server so that the reverse DNS lookup matches

I believe there are other steps that can be taken to mitigate this but would need intervention from TAC

New Member

ISE 1.2 patch 4 not retrieving groups

Hi Jrabinow/JEROEN

i will install patch 4 , is it just the ISE can't retrieve new groups ? do users still authenticate against existing groups and

corresponding policies ?

Cisco Employee

ISE 1.2 patch 4 not retrieving groups

Patch 4 will not resolve this. Fix will be in a future patch.

Issue impacts retrieval of groups from the GUI only (I corrected CDETS title to reflect this). Users are still able to authenticate against existing groups and corresponding policies

New Member

ISE 1.2 patch 4 not retrieving groups

Patch 5 doesn't resolve this either.

Cisco Employee

ISE 1.2 patch 4 not retrieving groups

This is not part of patch 5. Will be resolved in a 1.2 maintenance release called 1.2.1 that should be available some time in March.

in the interim I think there are a few options:

- manually enter group names

- contact TAC and quote the CDETS. There are some well understood workarounds that TAC can help you configure

654
Views
0
Helpful
7
Replies