Hi Jay, I had a similar problem with an acs that suddenly disjoined from domain. After many hours of troubleshooting i decided to create a new ad user for the acs with admin rights this time and problem solved.
Regards Christos Sent from my iPhone On 23 Φεβ 2014, at 23:07, "[email protected]" <[email protected]> wrote: > Send CCIE_Wireless mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_Wireless digest..." > > > Today's Topics: > > 1. Re: Joining ACS to AD (Jay Killion (jakillio)) > 2. Re: Joining ACS to AD (Andre Aubet) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 23 Feb 2014 19:40:45 +0000 > From: "Jay Killion (jakillio)" <[email protected]> > To: Jason Boyers <[email protected]>, ccie_wireless > <[email protected]> > Subject: Re: [OSL | CCIE_Wireless] Joining ACS to AD > Message-ID: <cf2fa862.15393%[email protected]> > Content-Type: text/plain; charset="windows-1252" > > Well, I've tried all the suggestions and still no luck. Here's where I'm at, > any other thoughts are appreciated? > > 1 ? AD server is also DNS server > > 2 ? Verified NTP / timezone is correct on both AD and ACS > > 3 ? AD name is "ccie.wireless". DNS has a single Forward Lookup Zone - > "wireless" with sub zone "ccie", containing A record for ccie.wireless as > 10.10.210.6. > > 4 ? From ACS, I can ping ccie.wireless, have it resolve and respond correctly > as 10.10.210.6 (nslookup works as expected also) > > 5 ? From ACS, if I try to ping ccie.wireless.com, it DOES NOT work. No idea > why, my AD / DNS knowledge is very limited? > > 6 ? Regardless of whether I use ccie.wireless or ccie.wireless.com when > trying to join ACS to AD, I get the "failed to resolve" error every single > time. > > Any thoughts? > > From: Jason Boyers <[email protected]<mailto:[email protected]>> > Date: Saturday, February 22, 2014 9:31 AM > To: Jay Killion <[email protected]<mailto:[email protected]>> > Cc: ccie_wireless > <[email protected]<mailto:[email protected]>> > Subject: Re: [OSL | CCIE_Wireless] Joining ACS to AD > > > Here's a good link on how to verify the SRV setup: > http://support.microsoft.com/kb/816587. > > Jason Boyers > > On Feb 22, 2014 10:28 AM, "Jason Boyers" > <[email protected]<mailto:[email protected]>> wrote: > > And, replace ISE with ACS in the last email. I'm doing ISE so much, my mind > auto-replaced it. Same concept, though. > > Jason Boyers > > On Feb 22, 2014 10:11 AM, "Jay Killion (jakillio)" > <[email protected]<mailto:[email protected]>> wrote: > Hi all - > > I'm having trouble adding ACS to AD, any tips would be appreciated. When I > go to 'External Identity Stores / Active Directory' in ACS, I enter the AD > name and credentials then 'test'. It always comes back with "can not resolve > network address". > > However, from ACS command line I can ping the domain name and it both > resolves and pings without issue. What should I check next? I don't > understand why I am able to resolve the name fine from CLI but the GUI won't. > > Thanks - > > Jay Killion, CCIE #17873 R/S > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: > www.youtube.com/ipexpertinc<http://www.youtube.com/ipexpertinc> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20140223/58d3b85c/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Sun, 23 Feb 2014 22:06:32 +0100 > From: Andre Aubet <[email protected]> > To: "Jay Killion (jakillio)" <[email protected]> > Cc: ccie_wireless <[email protected]> > Subject: Re: [OSL | CCIE_Wireless] Joining ACS to AD > Message-ID: > <CA+eR=u9zn_vxm-r+9pln+e_qyywr_ohdm8q8mubqyguka5r...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Hi Jay, > > Your statements are really unclear. What is your domain name? Is it > ccie.wireless or ccie.wireless.com? > > On point 3 you say you have "wireless" as your Forward Lookup Zone and ccie > as a sub zone. In the same time, you say ccie is defined as an A Record. If > you have an A Record defined as ccie in the DNS zone ccie.wireless, the > FQDN for this host would be ccie.ccie.wireless. > > What is exactly your domain name (FQDN): ccie.wireless or wireless.com or > ccie.wireless.com? > > I think the easier way for us to help you would be to send screenshots of > the following: > > - Active Directory Users and Computers: > [image: Images int?gr?es 1] > > - DNS Management > [image: Images int?gr?es 2] > > > Here my domain is "cciew.intra" and is defined as a Forward Lookup Zone in > my DNS server. > The Domain Controller is defined as SOA and NS, and also as an A Record. > The FQDN for this specific host is "cciew-ad.cciew.intra" because the > hostname is "cciew-ad". > > Hope we can help you. > > Andre. > > > 2014-02-23 20:40 GMT+01:00 Jay Killion (jakillio) <[email protected]>: > >> Well, I've tried all the suggestions and still no luck. Here's where >> I'm at, any other thoughts are appreciated... >> >> 1 - AD server is also DNS server >> >> 2 - Verified NTP / timezone is correct on both AD and ACS >> >> 3 - AD name is "ccie.wireless". DNS has a single Forward Lookup Zone - >> "wireless" with sub zone "ccie", containing A record for ccie.wireless as >> 10.10.210.6. >> >> 4 - From ACS, I can ping ccie.wireless, have it resolve and respond >> correctly as 10.10.210.6 (nslookup works as expected also) >> >> 5 - From ACS, if I try to ping ccie.wireless.com, it DOES NOT work. No >> idea why, my AD / DNS knowledge is very limited... >> >> 6 - Regardless of whether I use ccie.wireless or ccie.wireless.com when >> trying to join ACS to AD, I get the "failed to resolve" error every single >> time. >> >> Any thoughts? >> >> From: Jason Boyers <[email protected]> >> Date: Saturday, February 22, 2014 9:31 AM >> To: Jay Killion <[email protected]> >> Cc: ccie_wireless <[email protected]> >> Subject: Re: [OSL | CCIE_Wireless] Joining ACS to AD >> >> Here's a good link on how to verify the SRV setup: >> http://support.microsoft.com/kb/816587. >> >> Jason Boyers >> On Feb 22, 2014 10:28 AM, "Jason Boyers" <[email protected]> wrote: >> >>> And, replace ISE with ACS in the last email. I'm doing ISE so much, my >>> mind auto-replaced it. Same concept, though. >>> >>> Jason Boyers >>> On Feb 22, 2014 10:11 AM, "Jay Killion (jakillio)" <[email protected]> >>> wrote: >>> >>>> Hi all - >>>> >>>> I'm having trouble adding ACS to AD, any tips would be appreciated. >>>> When I go to 'External Identity Stores / Active Directory' in ACS, I enter >>>> the AD name and credentials then 'test'. It always comes back with "can >>>> not resolve network address". >>>> >>>> However, from ACS command line I can ping the domain name and it both >>>> resolves and pings without issue. What should I check next? I don't >>>> understand why I am able to resolve the name fine from CLI but the GUI >>>> won't. >>>> >>>> Thanks - >>>> >>>> Jay Killion, CCIE #17873 R/S >>>> >>>> _______________________________________________ >>>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >>>> >>>> iPexpert on YouTube: www.youtube.com/ipexpertinc >> _______________________________________________ >> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >> >> iPexpert on YouTube: www.youtube.com/ipexpertinc > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: </archives/ccie_wireless/attachments/20140223/5f7c9d49/attachment.html> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: image.png > Type: image/png > Size: 51265 bytes > Desc: not available > URL: </archives/ccie_wireless/attachments/20140223/5f7c9d49/attachment.png> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: image.png > Type: image/png > Size: 9610 bytes > Desc: not available > URL: > </archives/ccie_wireless/attachments/20140223/5f7c9d49/attachment-0001.png> > > ------------------------------ > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > > End of CCIE_Wireless Digest, Vol 58, Issue 85 > ********************************************* _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
