Cisco Bug: CSCvs77194 - Active authentication using Kerberos won't work if DNS server returns a long list of hosts/ips
May 18, 2020
- Cisco Firepower Management Center
Known Affected Releases
6.3.0 6.4.0 6.5.0 6.6.0
Symptom: When testing Kerberos authentication by clicking the "Test AD Join" button, the ADI log shows this error: "ADI:discovery [ERROR] Error parsing DNS answer for <domain_name>". Note that AD join is only relevant for Kerberos-type authentication.
Conditions: The DNS server returns a long list of hosts/IPs that is too long for UDP. This applies only to Active authentication configurations that use Kerberos. Active authentication would work if it is basic or NTLM.
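A diagnostic check for the condition above, as an added example that is not Cisco's code: under standard DNS behaviour (RFC 1035), a server whose answer does not fit in a UDP message sets the TC (truncated) flag in the header, so a captured UDP reply can be classified from its first 12 bytes. The name example.test and both sample messages are constructed.

```python
import struct

QR_BIT = 0x8000   # header flag: message is a response
TC_BIT = 0x0200   # header flag: answer was truncated to fit the transport


def encode_question(name: str, qtype: int) -> bytes:
    """Encode one question entry (QNAME, QTYPE, QCLASS=IN)."""
    qname = b"".join(
        bytes([len(part)]) + part.encode("ascii") for part in name.split(".")
    )
    return qname + b"\x00" + struct.pack("!2H", qtype, 1)


def classify_udp_answer(message: bytes) -> str:
    """Classify a raw DNS message received over UDP by its header fields."""
    if len(message) < 12:
        return "malformed"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", message[:12])
    if not flags & QR_BIT:
        return "not-a-response"
    if flags & TC_BIT:
        # Any records present are incomplete; the full answer requires TCP.
        return "truncated"
    return "complete" if ancount else "empty"


# Constructed samples for the placeholder name example.test (type A = 1).
QUESTION = encode_question("example.test", 1)
# Flags 0x8180 = response + RD + RA; the trailing zero bytes are filler
# standing in for two answer records, which this check does not parse.
FULL = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0) + QUESTION + b"\x00" * 32
# Flags 0x8380 = same as above with TC set; the server dropped the records.
TRUNCATED = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for label, msg in (("full", FULL), ("truncated", TRUNCATED)):
        print(f"{label}: {len(msg)} bytes -> {classify_udp_answer(msg)}")
```

A "truncated" result for the domain's lookup in a packet capture taken during "Test AD Join" matches the condition described in this bug.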