Document ID: 113424
Updated: Jan 26, 2012
Contributed by Michael Robertson, Cisco TAC Engineer.
This document describes how to identify and resolve a problem that occurs when you configure the Active Directory Agent software to interact with a Windows Domain Controller.
There are no specific requirements for this document.
The information in this document is based on the ASA Active Directory Software.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
When you use the adacfg dc create command in order to the install the Active Directory (AD) agent on a domain controller (DC) in your Windows domain, connection status between the AD agent and the DC is listed as down.
Use the adacfg dc list command in order to view connection status:
C:\IBF\CLI>adacfg dc list Name Host/IP Username Domain-Name Latest Status ---- ------------- ------------- ----------- ------------- dc 192.168.1.100 Administrator down
In addition, the adObserver log prints this error:
Mon Jan 23 08:24:23 2012: EXCEPTION OCCURED: .\DcMonitor.cpp:373 getDcVersion: Error with ConnectServer for DC: dc name: 192.168.1.100 hostname: 192.168.1.100 domain: mirober2.lab username: Administrator password: <hidden> Error code: 800706ba
When you add the AD agent to the DC, ensure that either the host name or the fully qualified domain name (FQDN) of the DC is used with the -host keyword.
Note: The DC IP address should not be used. IP address is not a valid value for the -host keyword. Refer to the adacfg dc create section of the Installation and Setup Guide for the Active Directory Agent for more information.
When the DC is added correctly and visible to the AD Agent, the adacfg dc list command shows the status of the DC as up:
C:\IBF\CLI>adacfg dc list Name Host/IP Username Domain-Name Latest Status ---- --------------- ------------- ----------- ------------- dc dc.cisco.com Administrator CISCO up
Note: Cisco Bug ID CSCto66192 has been opened as an enhancement request to allow an IP address as a valid value for the -host keyword.
Note: Currently, there are known issues when you use the DC host name. If you experience issues, use the FQDN, and then run the adacfg dc list command in order to check the status of the DC.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.