Cisco Bug: CSCvv30172 - Intermittently after reboot, ADI can't join KCD

Last Modified

Sep 11, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.6(4.20)

Description (partial)

Symptom:
asa# sh webvpn kcd
KCD state:      Inactive
Kerberos Realm: xxxxxxxxx version:    0.1.0-68d4de6
ADI instance:   root      1744  1742  0 May18 ?        00:01:24 /asa/bin/start-adi
Keytab file:    Not found

%ASA-3-199015: May 18 11:10:41 start-adi: adi.LdapRealm:auth: Can't contact LDAP server(ldap://0.0.0.0:389)

Conditions:
Kerberos/LDAP servers are configured by FQDN. The names do not resolve, and the servers are marked as FAILED before the start-adi process starts, even if they become active later.

As a result, the server's IP address is retrieved as 0.0.0.0, and the connection fails:
%ASA-3-199015: Jun 23 18:29:08 start-adi: adi.LdapRealm:ldapbind: Can't contact LDAP server
%ASA-3-199015: Jun 23 18:29:08 start-adi: adi.LdapRealm:auth: Can't contact LDAP server(ldap://0.0.0.0:389)
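
A detection example for the log signature above, added here and not Cisco's code: it scans ASA syslog for start-adi LDAP failures and separates the 0.0.0.0 case (the unresolved-FQDN condition in this bug) from failures against a real address. The function names, cause labels and the last two sample lines are assumptions constructed for illustration.

```python
import re

# %ASA-3-199015 lines emitted by start-adi, in the format shown in the bug text.
ADI_LINE = re.compile(
    r"%ASA-3-199015: (?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) start-adi: "
    r"adi\.LdapRealm:(?P<stage>\w+): (?P<msg>.*)$"
)
LDAP_URI = re.compile(r"\(ldaps?://(?P<host>[^:/)\s]+)(?::(?P<port>\d+))?\)")


def classify(line):
    """Return None for unrelated lines, else a dict describing the ADI LDAP failure."""
    m = ADI_LINE.search(line)
    if not m or "Can't contact LDAP server" not in m.group("msg"):
        return None
    uri = LDAP_URI.search(m.group("msg"))
    host = uri.group("host") if uri else None
    if host == "0.0.0.0":
        cause = "unresolved-fqdn"      # the signature described in this bug
    elif host:
        cause = "server-unreachable"   # assumption: real address, so check path/server
    else:
        cause = "unknown"              # ldapbind lines carry no URI
    return {"ts": m.group("ts"), "stage": m.group("stage"), "host": host, "cause": cause}


def scan(lines):
    """Classify every matching line and report whether the bug signature is present."""
    hits = [h for h in map(classify, lines) if h]
    return hits, any(h["cause"] == "unresolved-fqdn" for h in hits)


# Sample input: the first two lines come from the bug text, the last two are constructed.
SAMPLE = [
    "%ASA-3-199015: Jun 23 18:29:08 start-adi: adi.LdapRealm:ldapbind: Can't contact LDAP server",
    "%ASA-3-199015: Jun 23 18:29:08 start-adi: adi.LdapRealm:auth: Can't contact LDAP server(ldap://0.0.0.0:389)",
    "%ASA-3-199015: Jun 23 18:31:12 start-adi: adi.LdapRealm:auth: Can't contact LDAP server(ldap://192.0.2.10:389)",
    "%ASA-6-302013: Built outbound TCP connection 1 for outside:192.0.2.10/389",
]

if __name__ == "__main__":
    hits, affected = scan(SAMPLE)
    for h in hits:
        print(h)
    print("CSCvv30172 signature present:", affected)
```
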