
ISE redirect to the wrong domain name

zheka_pefti
Level 2

Hello guys,

We changed a domain name of the ISE appliance and it started giving us grief. It was configured to redirect wireless users to the web registration and authentication portal. We properly added all required A records in DNS server and looked everywhere but didn't find anything that could give any clue.

Perhaps the old FQDN got stuck somewhere in the database.

Any idea? Please help!!!

6 Replies

Muhammad Munir
Level 5

Hi

Check the configuration of Active Directory in the Admin portal and the DNS configuration in the Cisco ISE CLI.

Thanks, Muhammad,

ISE CLI was already taken care of, but the AD portal settings were a good pointer. I'll have it changed and will try again.

Eugene

aqjaved
Level 3

Case Solution:

Connecting to the Active Directory Domain

To reconnect with the Active Directory domain, complete the following steps:

Step 1    Choose Administration > Identity Management > External Identity Sources.

Step 2    From the External Identity Sources navigation pane on the left, click Active Directory.

Step 3    Enter the domain name in the Domain Name text box.

Step 4    Enter a friendly name in the Identity Store Name text box for your Active Directory identity source (by default, this value will be AD1).

Step 5    Click Save Configuration.

Step 6    To verify if your Cisco ISE node can be connected to the Active Directory domain, click Test Connection. A dialog box appears and prompts you to enter the Active Directory username and password.

Step 7    Enter the Active Directory username and password and click OK.

A dialog box appears with the status of the test connection operation.

Step 8    Click OK.

Step 9    Click Join to join the Cisco ISE node to the Active Directory domain.

The Join Domain dialog box appears.

Step 10    Enter your Active Directory username and password, and click OK.

Step 11    Check the Enable Password Change check box to allow the user to change their password.

Step 12    Check the Enable Machine Authentication check box to allow machine authentication.

Step 13    Check the Enable Machine Access Restrictions (MARs) check box to ensure that the machine authentication results are tied to the user authentication and authorization results. If you check this check box, you must enter the Aging Time in hours.

Step 14    Enter the Aging Time in hours if you have enabled MARs.

This value specifies the expiration time for machine authentication. If the time expires, the user authentication fails. For example, if you have enabled MARs and enter a value of 2 hours, the user authentication fails if the user tries to authenticate after 2 hours.

Step 15    Click Save Configuration.

Step 16    Create Certificate Authentication Profile

Step 17    Import CA Certificates into ISE Certificate Trust Store

Step 18    Configure CA Certificates for Revocation Status Check

Step 19    Enable Client Certificate-Based Authentication

Please check the link below for certificate configuration:

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_admin.html#wp1122804

Abha Jha
Cisco Employee

Could you please check if your device is pointing towards the right server and that it is the IP address of ISE, so that the right domain can be pointed to?

Jatin Katyal
Cisco Employee

Zheka,

I guess we saw a similar query in this forum before as well.

https://supportforums.cisco.com/thread/2218780

That's because the certificate presented to the client is still OLD. You need to generate a new cert and install it on ISE and make sure DNS is updated.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

What kind of weird logic is here? What does redirect have to do with certificate?

Moreover, when I try to generate the new certificate I can't use it, because the old ones are associated with the protocols HTTPS and EAP, and I can't disable them because these check boxes are greyed out.
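
The replies above point at two separate things to verify after the rename: the host in the redirect URL and the names in the certificate the portal presents. The sketch below checks both against the new FQDN; it is an added example, not part of any post in this thread. The FQDNs, port, path and certificate contents are constructed placeholders, and the certificate dict uses the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
from urllib.parse import urlsplit

# Constructed sample data: the FQDNs, port and path are placeholders.
NEW_FQDN = "ise01.new.example.com"
OLD_LOCATION = "https://ise01.old.example.com:8443/portal?sessionId=0a0b0c"
OLD_CERT = {  # same layout as ssl.SSLSocket.getpeercert()
    "subject": ((("commonName", "ise01.old.example.com"),),),
    "subjectAltName": (("DNS", "ise01.old.example.com"),),
}
NEW_LOCATION = "https://ise01.new.example.com:8443/portal?sessionId=0a0b0c"
NEW_CERT = {
    "subject": ((("commonName", "ise01.new.example.com"),),),
    "subjectAltName": (("DNS", "*.new.example.com"),),
}


def cert_dns_names(peercert):
    """DNS names a client matches against: SAN entries, else the subject CN."""
    sans = [v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in peercert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def audit(location, peercert, expected_fqdn):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    host = (urlsplit(location).hostname or "").rstrip(".")
    if host != expected_fqdn.lower():
        findings.append(f"redirect host is {host!r}, expected {expected_fqdn!r}")
    names = cert_dns_names(peercert)
    if not any(name_matches(n, expected_fqdn) for n in names):
        findings.append(f"certificate names {names} do not cover {expected_fqdn!r}")
    return findings


if __name__ == "__main__":
    for label, loc, cert in (("before", OLD_LOCATION, OLD_CERT),
                             ("after", NEW_LOCATION, NEW_CERT)):
        print(label, audit(loc, cert, NEW_FQDN) or "OK")
```

Keeping the two findings separate shows whether the stale name comes from the redirect configuration, from the installed certificate, or from both.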
