Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ISE redirect to the wrong domain name

Hello guys,

We changed a domain name of the ISE appliance and it started giving us grief. It was configured to redirect wireless users to the web registration and authentication portal. We properly added all required A records in DNS server and looked everywhere but didn't find anything that could give any clue.

Perhaps the old FQDN get stuck somewhere in the database.

Any idea? Please help !!!

6 REPLIES
Cisco Employee

ISE redirect to the wrong domain name

Hi

Check the configuration of Active Directory in the Admin portal and the DNS configuration in the Cisco ISE CLI.

New Member

ISE redirect to the wrong domain name

Thanks, Muhammad,

ISE CLI was already taken care of but AD portal settings was a good pointer. I'll have it changed and will try again.

Eugene

Bronze

ISE redirect to the wrong domain name

Case Solution:

Connecting to the Active Directory Domain

To reconnect with Active Directory domain, complete the following steps:

Step 1                                                   Choose Administration > Identity Management > External Identity Sources.

Step 2    From the External Identity Sources navigation pane on the left, click Active Directory.

Step 3    Enter the domain name in the Domain Name text box.

Step 4    Enter a friendly name in the Identity Store Name text box for your Active Directory identity source (by default, this value will be AD1).

Step 5    Clicks Save Configuration.

Step 6    To verify if your Cisco ISE node can be connected to the Active Directory domain, click Test Connection. A dialog box appears and prompts you to enter the Active Directory username and password.

Step 7    Enter the Active Directory username and password and click OK.

A dialog box appears with the status of the test connection operation.

Step 8    Click OK.

Step 9    Click Join to join the Cisco ISE node to the Active Directory domain.

The Join Domain dialog box appears.

Step 10    Enter your Active Directory username and password, and click OK.

Step 11    Check the Enable Password Change check box to allow the user to change their password.

Step 12    Check the Enable Machine Authentication check box to allow machine authentication.

Step 13    Check the Enable Machine Access Restrictions (MARs) check box to ensure that the machine authentication results are tied to the user authentication and authorization results. If you check this check box, you must enter the Aging Time in hours.

Step 14    Enter the Aging Time in hours if you have enabled MARs.

This value specifies the expiration time for machine authentication. If the time expires, the user authentication fails. For example, if you have enabled MARs and enter a value of 2 hours, the user authentication fails if the user tries to authenticate after 2 hours.

Step 15    Click Save Configuration.

Step 16. Create Certificate Authentication Profile

Step 17: Import CA Certificates into ISE Certificate Trust Store

Step 18: Configure CA Certificates for Revocation Status Check

Step 19: Enable Client Certificate-Based Authentication

Please check below link for certificates configurations

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_admin.html#wp1122804

Cisco Employee

ISE redirect to the wrong domain name

could you please check if your device is pointing towards the right server and that is IP address of ISE? so that right domain can be pointed to..

Cisco Employee

Re: ISE redirect to the wrong domain name

Zheka,

I guess we saw the similar query in this forum before as well.

https://supportforums.cisco.com/thread/2218780

That's because certificate presented to the client is still OLD. You need to generate a new cert and install it on ISE and make sure DNS is updated.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: ISE redirect to the wrong domain name

What kind of weird logic is here ? What does redirect have to do with certificate?

Moreover, when I try to generate the new certificate I can't use it because the old ones are associated with a protocol HTTPS and EAP and can't disable them because these check boxes are greyed out

411
Views
0
Helpful
6
Replies
CreatePlease to create content