Cisco Bug: CSCvv76083 - DOC : ISE account password update failed when remote SAM calls are restricted.
Sep 21, 2020
- Cisco Identity Services Engine
Known Affected Releases
Symptom: ISE is not able to update its machine account password and from the ISE dashboard getting alarm "AD: ISE password update failed". When we join ISE to the AD domain. ISE will create a machine account on AD. ISE by default will change the password for the machine account every 15 days. ISE needs to make a remote calls to the SAM in order to update its machine account password, the issue happens when we have an ISE integrated with AD windows server 2016 active directory as this’s restricted, By default, computers beginning with Windows 10 version 1607 and Windows Server 2016 are more restrictive than earlier versions of Windows. For further details please refer to the following link: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls Conditions: ISE integrated with windows server 2016 active directory.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases