Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Join AD from ACS 5.3 - DNS problem?

Hi!

When I try to add Active Directory as an Identity Store, I received:

Connection test to 'jerico.lan.vusecurity.com' failed.

Further information on status:

   - Can not resolve network address

From console nslookup:

nslookup lan.vusecurity.com

Trying "lan.vusecurity.com"

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54233

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:

;lan.vusecurity.com.            IN      ANY

;; ANSWER SECTION:

lan.vusecurity.com.     3600    IN      NS      jerico.lan.vusecurity.com.

lan.vusecurity.com.     3600    IN      SOA     jerico.lan.vusecurity.com. hostmaster. 7 900 600 86400 3600

;; ADDITIONAL SECTION:

jerico.lan.vusecurity.com. 3600 IN      A       192.168.1.137

jerico.lan.vusecurity.com. 3600 IN      A       192.168.1.103

jerico.lan.vusecurity.com. 3600 IN      A       192.168.1.128

jerico.lan.vusecurity.com. 3600 IN      A       192.168.56.1

Received 167 bytes from 192.168.1.103#53 in 10 ms

acsbrou/admin# nslookup jerico.lan.vusecurity.com

Trying "jerico.lan.vusecurity.com"

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47734

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;jerico.lan.vusecurity.com.     IN      ANY

;; ANSWER SECTION:

jerico.lan.vusecurity.com. 3600 IN      A       192.168.1.103

jerico.lan.vusecurity.com. 3600 IN      A       192.168.1.137

jerico.lan.vusecurity.com. 3600 IN      A       192.168.56.1

jerico.lan.vusecurity.com. 3600 IN      A       192.168.1.128

Received 107 bytes from 192.168.1.103#53 in 0 ms

Whatever I try failes:

VU as the domain real

lan.vusecurity.com wich is the fqdn

jerico.lan.vusecurity.com hostname + fqdn

Also check clock and timezone, I just need to do a 1 hour manual adjustement to by on sync with AD.

acsbrou/admin# show clock

Sat Dec 14 07:41:51 ARST 2013

acsbrou/admin#

         Any idea could help

Thanks!

1 REPLY

Join AD from ACS 5.3 - DNS problem?

Hi,

you fixed the time difference between ACS and the AD? there must be no more than 5 minutes time difference.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
320
Views
0
Helpful
1
Replies
CreatePlease login to create content