Guest

Preview Tool

Cisco Bug: CSCvs77194 - Active authentication using Kerberos won't work if DNS server returns a long list of hosts/ips

Last Modified

May 18, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.3.0 6.4.0 6.5.0 6.6.0

Description (partial)

Symptom:
When testing Kerberos authentication by clicking "Test AD Join" button, it shows this error in ADI log "ADI:discovery [ERROR] Error parsing DNS answer for <domain_name>
Note here that AD join is only relevant for kerberos type authentication.

Conditions:
DNS server returns a long line of hosts/ip that is tool long for UDP.
This only applies for Active authentication configuration that uses Kerberos.
Active authentication would work if it is basic or NTLM.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.