Cisco Bug: CSCvv76083 - DOC : ISE account password update failed when remote SAM calls are restricted.

Last Modified

Sep 21, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.6(0.156)

Description (partial)

Symptom:
ISE is unable to update its machine account password, and the ISE dashboard shows the alarm "AD: ISE password update failed".

When ISE is joined to an AD domain, it creates a machine account in AD. By default, ISE changes the password for this machine account every 15 days. To update the password, ISE needs to make remote calls to the SAM. The issue occurs when ISE is integrated with Windows Server 2016 Active Directory, where these calls are restricted: by default, computers beginning with Windows 10 version 1607 and Windows Server 2016 are more restrictive than earlier versions of Windows.

For further details please refer to the following link:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls


Conditions:
ISE integrated with Windows Server 2016 Active Directory.