Cisco Bug: CSCte92062 - ACS should be able to query only desired DCs
Mar 01, 2018
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: On ACS 5.0 and 5.1, ACS queries DNS for the domain to obtain a list of all domain controllers (DCs) in that domain and then tries to communicate with every one of them. If the connection to even a single DC fails, the ACS connection to the domain as a whole is declared failed. Many customers are asking for this behavior to change: it should be possible to define which DCs ACS contacts, and/or ACS should interpret the DNS resource records that Active Directory domain controllers register in order to locate domain controllers. Active Directory uses service locator (SRV) records, a type of DNS record described in RFC 2782 that identifies the hosts providing a given service on a TCP/IP network.
Conditions: A domain with multiple DCs where some are not reachable from the ACS because of security or geographic constraints.
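The following is an added illustration of the two behaviors the bug contrasts; it is not Cisco ACS code. It orders SRV records the way RFC 2782 prescribes (ascending priority, then weighted random selection within a priority), restricts the candidate list to an administrator-chosen subset of DCs, and compares the current "fail if any DC is unreachable" policy with the requested "succeed if at least one selected DC answers" policy. The SRV answer is a constructed sample rather than a live lookup, and `tcp_probe` is a hypothetical reachability check standing in for a real LDAP bind; with a real resolver such as dnspython you would obtain the records from a query like `dns.resolver.resolve("_ldap._tcp.dc._msdcs.example.com", "SRV")`, or the site-scoped name `_ldap._tcp.<SiteName>._sites.dc._msdcs.example.com` to get only the DCs that Active Directory itself considers local to the ACS's site.

```python
"""Added example (not Cisco ACS software): RFC 2782 SRV ordering plus two
DC-reachability policies. Record values, the allow list and tcp_probe are
assumptions for illustration only."""
import random
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample answer for _ldap._tcp.dc._msdcs.example.com (not real DNS data):
# two DCs in the local site at priority 0 and one remote DC at a worse priority.
SAMPLE_SRV: List[SrvRecord] = [
    SrvRecord(priority=0, weight=100, port=389, target="dc1.example.com"),
    SrvRecord(priority=0, weight=100, port=389, target="dc2.example.com"),
    SrvRecord(priority=10, weight=50, port=389, target="dc-remote.example.com"),
]


def order_by_rfc2782(records: Iterable[SrvRecord], seed: Optional[int] = None) -> List[SrvRecord]:
    """Order SRV records as RFC 2782 describes: lower priority first; within one
    priority, repeatedly pick a record at random with probability proportional
    to its weight (zero-weight records are listed first and only win when the
    random number is 0)."""
    records = list(records)
    rng = random.Random(seed)
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        # RFC 2782: weight-0 records go to the front of the candidate list.
        pending = sorted((r for r in records if r.priority == prio),
                         key=lambda r: r.weight != 0)
        while pending:
            total = sum(r.weight for r in pending)
            pick = rng.randint(0, total)  # uniform in [0, total], inclusive
            running = 0
            for rec in pending:
                running += rec.weight
                if running >= pick:  # first record whose running sum reaches pick
                    ordered.append(rec)
                    pending.remove(rec)
                    break
    return ordered


def select_dcs(records: Iterable[SrvRecord], allow: Optional[Set[str]] = None) -> List[SrvRecord]:
    """The requested behaviour: contact only an administrator-chosen subset of the
    DCs that DNS returned. allow=None means no restriction."""
    records = list(records)
    if allow is None:
        return records
    allowed = {name.lower() for name in allow}
    return [r for r in records if r.target.lower() in allowed]


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """Hypothetical reachability check: can a TCP connection be opened to the DC's
    LDAP port? A production check would perform an actual LDAP bind."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def domain_reachable(records: Iterable[SrvRecord],
                     probe: Callable[[str, int], bool] = tcp_probe,
                     require_all: bool = False,
                     seed: Optional[int] = None) -> bool:
    """require_all=True reproduces the ACS 5.0/5.1 behaviour the bug describes:
    the domain is declared failed as soon as any one DC does not answer.
    require_all=False is the policy the bug asks for: the domain is usable if
    at least one of the selected DCs answers, trying them in RFC 2782 order."""
    ordered = order_by_rfc2782(records, seed=seed)
    if not ordered:
        return False  # nothing to contact: neither policy can succeed
    for rec in ordered:
        ok = probe(rec.target, rec.port)
        if require_all and not ok:
            return False
        if not require_all and ok:
            return True
    return require_all


if __name__ == "__main__":
    # Simulate the bug's conditions: the remote DC is blocked by a firewall.
    blocked = lambda host, port: host != "dc-remote.example.com"
    print("all DCs must answer:", domain_reachable(SAMPLE_SRV, blocked, require_all=True))
    print("any DC may answer:  ", domain_reachable(SAMPLE_SRV, blocked, require_all=False))
    local_only = select_dcs(SAMPLE_SRV, allow={"dc1.example.com", "dc2.example.com"})
    print("allow-listed DCs:   ", domain_reachable(local_only, blocked, require_all=True))
```

The allow list and the `require_all=False` policy are two independent fixes for the same symptom: the first keeps ACS from ever touching a DC that a firewall or WAN link makes unreachable, the second keeps one unreachable DC from taking down authentication against a domain that still has healthy DCs. A deployment that cannot wait for either would typically fall back to DNS itself, for example by answering the `_msdcs` SRV query from a DNS view that only lists the reachable DCs.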