Cisco Bug: CSCte92062 - ACS should be able to query only desired DCs

Last Modified

Mar 01, 2018

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.1(0)

Description (partial)

Symptom:
Currently, on 5.0 and 5.1, ACS queries DNS for the domain in order to obtain a list of all the DCs in that domain, and then tries to communicate with all of them.

If the connection to even one DC fails, then the ACS connection to the domain is declared as failed.

A lot of customers are asking for a change on this behavior.
It should be possible to define which DCs to contact, and/or to make ACS interpret the DNS resource records that Active Directory domain controllers register to facilitate locating domain controllers. Active Directory uses service locator, or SRV, records. An SRV record is a new type of DNS record described in RFC 2782, and is used to identify services located on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.
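As an added illustration (not Cisco's code and not actual ACS behaviour), the following Python models both the current behaviour and the requested one: SRV answers for _ldap._tcp.dc._msdcs.<domain> are ordered per RFC 2782, restricted to an administrator-defined allow-list, and a single unreachable DC no longer fails the whole domain. The hostnames, records and reachability function are constructed sample data.

```python
import random
from collections import namedtuple

# Constructed sample of SRV answers for _ldap._tcp.dc._msdcs.<domain>;
# the hostnames are hypothetical, not taken from the bug report.
SRVRecord = namedtuple("SRVRecord", "priority weight port target")
SAMPLE_SRV = [
    SRVRecord(0, 100, 389, "dc1.corp.example."),
    SRVRecord(0, 100, 389, "dc2.corp.example."),
    SRVRecord(10, 50, 389, "dc-remote.branch.example."),  # blocked by a firewall
]


def sample_reachable(host):
    """Constructed stand-in for a real LDAP/Kerberos reachability probe."""
    return host != "dc-remote.branch.example."


def order_by_rfc2782(records, seed=0):
    """Lowest priority first; within a priority, weighted random order (RFC 2782)."""
    rng = random.Random(seed)
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # RFC 2782: weight-0 entries go first, then pick by running weight sum.
        pool = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for r in pool:
                running += r.weight
                if running >= pick:
                    ordered.append(pool.pop(pool.index(r)))
                    break
    return ordered


def legacy_domain_ok(records, reachable):
    """Behaviour described in the bug: every DNS-listed DC must answer."""
    return all(reachable(r.target) for r in records)


def connect_domain(records, reachable, allowed=None, seed=0):
    """Requested behaviour: contact only allow-listed DCs, in RFC 2782 order,
    and declare the domain failed only when none of them is reachable."""
    if allowed is not None:
        records = [r for r in records if r.target.rstrip(".") in allowed]
    for r in order_by_rfc2782(records, seed):
        if reachable(r.target):
            return r.target
    return None
```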

Conditions:
Domain with multiple DCs where some are not accessible from the ACS due to security/geographic constraints.

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.