Cisco Bug: CSCte92062 - ACS should be able to query only desired DCs

Last Modified

Mar 01, 2018

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases

5.1(0)

Description (partial)

Symptom:
Currently, on 5.0 and 5.1, ACS queries DNS for the domain to obtain a list of all the DCs in the domain and then tries to communicate with every one of them.

If the connection to even one DC fails, then the ACS connection to the domain is declared as failed.

A lot of customers are asking for a change to this behavior.
It should be possible to define which DCs to contact, and/or to make ACS interpret the DNS resource records registered by the Active Directory domain controllers in order to locate domain controllers. Active Directory uses service locator (SRV) records. An SRV record is a type of DNS record, described in RFC 2782, that is used to identify services located on a Transmission Control Protocol/Internet Protocol (TCP/IP) network.

Conditions:
Domain with multiple DCs where some are not accessible from the ACS due to security/geographic constraints.
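The behavior requested above, as an added example that is not Cisco's or ACS's own code: resolve the DC locator SRV name, order the records as RFC 2782 prescribes, and treat a single unreachable DC as a skipped entry rather than a failed domain. The `probe` callback, the `allowed` filter and the hostnames are constructed for illustration.

```python
# Added example, not Cisco ACS code: locate DCs through the SRV records AD
# registers, order them per RFC 2782 and tolerate individual DC failures.
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    priority: int  # lower value is tried first (RFC 2782)
    weight: int    # relative share among records of equal priority
    port: int
    target: str

def dc_srv_name(domain, site=None):
    """Owner name AD registers for DC location (site-scoped when a site is given)."""
    if site:
        return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"_ldap._tcp.dc._msdcs.{domain}"

def order_by_rfc2782(records, rng=None):
    """Ascending priority; weighted random draw within each priority level."""
    rng = rng or random.Random()
    records, ordered = list(records), []
    for prio in sorted({r.priority for r in records}):
        bucket = [r for r in records if r.priority == prio]
        while bucket:  # draw one record at a time from this priority level
            pick = rng.randint(0, sum(r.weight for r in bucket))
            running = 0
            for r in bucket:
                running += r.weight
                if running >= pick:  # weight-0 entries can still be drawn
                    ordered.append(r)
                    bucket.remove(r)
                    break
    return ordered

def select_dc(records, probe, allowed=None):
    """Return (first reachable DC, DCs that failed). `probe(host, port)` is a
    hypothetical reachability check; `allowed` restricts which DCs to contact."""
    failed = []
    for r in order_by_rfc2782(records):
        if allowed is not None and r.target not in allowed:
            continue  # administrator excluded this DC (e.g. behind a firewall)
        if probe(r.target, r.port):
            return r.target, failed  # one working DC is enough
        failed.append(r.target)  # note the failure and keep trying
    return None, failed

# Constructed sample: two HQ DCs at priority 0, one branch DC at priority 10.
SAMPLE_RECORDS = [SrvRecord(0, 100, 389, "dc1.corp.example"),
                  SrvRecord(0, 100, 389, "dc2.corp.example"),
                  SrvRecord(10, 0, 389, "dc3.branch.example")]
```

In a real deployment the records would come from a DNS query for `dc_srv_name(domain)` and `probe` would attempt the LDAP/Kerberos connection; the selection logic is unchanged.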

Related Community Discussions

ACS HOW TO USE ADINFO
Hello, I need to see which domain controllers the ACS is communicating with. I tried:

XXXACS02/admin# acs troubleshoot adinfo --server
This command is only for advanced troubleshooting and may incur a lot of network traffic
Do you want to continue?  (yes/no) yes
server1.domain.no

The server1.domain.no is a server located at another location, so I don't think this is the primary server the ACS is talking to. Any other commands that would give the output?
Latest activity: Feb 26, 2015