DNS Domain name ISE 1.2

Question:  Can the DNS domain name in ISE 1.2 be different from the AD domain that ISE is joined to?
Situation:  I have an internal AD domain 'mydomain.local'.  Currently ISE is set up with mydomain.local as its DNS domain; its FQDN is isebox.mydomain.local, and it is also joined to that domain.  The problem comes with the certificate for HTTPS sites (management, guest, etc.), specifically guest.  If I use a certificate for isebox.mydomain.local, guest users (that do not have our internal CA) will get a certificate error.  The certificate used for HTTPS sites in ISE has to match the hostname of ISE.  This seems to me to be an unresolvable problem.  I have to have mydomain.local as the DNS domain, so that I can join ISE to mydomain.local.  But if I use that domain then I can't issue a public cert for the ISE box, because I can't get a public cert for a .local domain.
My idea was to define the DNS domain as a public domain (abc123.com) but still join it to my internal domain (mydomain.local).  I have found some vague references to this not being a supported configuration, and even that it doesn't work at all.  Could someone please tell me if this works?  Or better yet, some better/easier way to solve this problem.
Thanks!

Hello John
Cisco ISE supports integration with a single Active Directory identity source. Cisco ISE uses this Active Directory identity source to join itself to an Active Directory domain. If this Active Directory source has a multidomain forest, trust relationships must exist between its domain and the other domains in order for Cisco ISE to retrieve information from all domains within the forest.
However, you may create multiple instances for LDAP. Cisco ISE can communicate via LDAP to Active Directory servers in an untrusted domain. The only limitation you would see with LDAP as a database is that it doesn't support PEAP-MSCHAPv2 (the native Microsoft supplicant). However, it does support EAP-TLS.
For more information you may go through the link listed below.
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_45_multiple_active_directories.pdf
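A check for the situation John describes, added here as an example (it is not from the thread or from Cisco): it matches a portal hostname against a certificate's dNSName SAN entries using RFC 6125 rules, and flags names, such as anything under .local, that no public CA will issue for. The hostnames, SAN lists and the internal-suffix list are constructed.

```python
"""Does a certificate cover the portal name, and can a public CA issue it?

Added example for the question above. Two rules decide it: the client
only accepts a certificate whose dNSName SAN (or legacy CN) matches the
FQDN it connected to, and public CAs refuse internal names such as .local."""
import re

# Suffixes not registrable in public DNS (.local is reserved by RFC 6762;
# the rest are common internal choices). Constructed list, extend as needed.
INTERNAL_SUFFIXES = (".local", ".localhost", ".internal", ".lan", ".corp", ".intern")
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def _valid_fqdn(name):
    labels = name.split(".")
    return len(labels) >= 2 and all(LABEL.match(lab) for lab in labels)


def name_matches(san, host):
    """RFC 6125 style match of one dNSName SAN entry against a hostname."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[2:]
    # The wildcard stands for exactly one leftmost label, and '*.com' style
    # names are never issued, so the suffix itself needs at least two labels.
    if "." not in suffix:
        return False
    head, sep, rest = host.partition(".")
    return bool(head) and sep == "." and rest == suffix


def cert_covers(host, san_dns_names, common_name=None):
    """True if a SAN dNSName matches; the CN is consulted only when there are no SANs."""
    names = list(san_dns_names) or ([common_name] if common_name else [])
    return any(name_matches(n, host) for n in names)


def publicly_issuable(host):
    """False for names a public CA will refuse: internal suffixes or single labels."""
    h = host.lower().rstrip(".")
    return _valid_fqdn(h) and not any(h.endswith(s) for s in INTERNAL_SUFFIXES)


def assess(portal_host, san_dns_names, common_name=None):
    """Summarise the guest-portal situation for one hostname and one certificate."""
    return {
        "covered": cert_covers(portal_host, san_dns_names, common_name),
        "public_ca_possible": publicly_issuable(portal_host),
    }


if __name__ == "__main__":
    # The question's setup: ISE FQDN isebox.mydomain.local with a cert for that name.
    print(assess("isebox.mydomain.local", ["isebox.mydomain.local"]))
    # A portal name in the public domain the questioner mentions (abc123.com).
    print(assess("guest.abc123.com", ["*.abc123.com"]))
```

The first call reports the certificate as covering the name but not obtainable from a public CA, which is exactly the dead end in the question; the second shows a name that satisfies both rules.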

Similar Messages

  • Dns domain name change

    I have just changed the DNS domain name of my ISE from the CLI and restarted the appliance (it's a 3395 appliance).
    However, when I log in via the GUI it doesn't reflect the new DNS name.
    Any ideas please?

    Let's see my task as follows:
    1. change ip domain-name = xxx
    2. ISE will ask you to restart the app service, then answer yes
    3. I make "write memory"
    4. I reload the ISE
    You should check the DNS name in the forward zone and the reverse zone too.
    These are the steps I take if I need to change ISE information.
    Sent from Cisco Technical Support Android App

  • TREX Patch Installation ERROR - DNS Domain Name

    Dear all,
    I have been facing a problem with a TREX Installation and I would like to request your help.
    After successfully installing a portal (EP 7)  and a TREX instance (7.00), I encountered the following error
    while trying to install the TREX patch.
    The Error that pops-up is the following:
    "unknown message ID (osmod.hosts.getHostByAddress2) with parameter(s): -84.-230.-250.114".
    This error appears when the installation reaches the 'DNS Domain Name' step.
    The installation cannot proceed without resolving this issue.
    I have been trying to install patch 49, which I have successfully installed in other TREX instances so there
    should be no error with the binaries.
    Has anyone come across a similar situation?
    I would appreciate your input on the matter
    Thanks in advance,
    Kontogianni Eleni
    Edited by: Eleni Kontoyanni on May 20, 2011 2:36 PM

    Dear Eleni,
    The issues that I have encountered were unrelated, otherwise I would have mentioned them for you as a clue.
    But what I was trying to say is that although sometimes prerequisites look OK there can be a bug or exception in the SAP coding that might cause this. Examples of these non-related issues are:
    -  https://service.sap.com/sap/support/notes/1114042
    and
    - when using the KM Portal Drive with a description that is "too long", connection is suddenly not possible.
    I therefore advise you to open an OSS message @ SAP Support.
    Cheers,
    Benjamin

  • SAP NetWeaver DNS Domain Name System for SAP?

    Hi all,
    I need to install SAP NetWeaver 7.01 SR1 ABAP Trial Version.
    I use Microsoft Windows XP.
    During the installation, the process asks for the DNS Domain Name System for SAP.
    What should I put in this field?
    Following is the result of ipconfig:
    Ethernet adapter Local Area Connection 2:
    Connection-specific DNS Suffix....:
    IP Address.....................................: 10.10.0.10
    Subnet Mask..................................: 255.255.255.0
    Default Gateway...........................:
    The name of my machine is solaris.
    In the host file put the following:
    10.10.0.10 solaris
    I very much appreciate if someone can help me.
    Viviane

    Hi Viviane,
    Please check this thread:
    Error:Reverse lookup of address failed:(NW7.01ABAPTrailVersionInstallation)
    http://en.wikipedia.org/wiki/Domain_name_system
    Hope it helps.
    Regards,
    Arun

  • DNS Domain Name for SAP System

    Hi,
    I am installing BI 7.1; it is asking for the DNS Domain Name for SAP System.
    I don't know what to give, please can someone help.
    Thanks,
    Jack

    Hi,
    Please check this link:
    http://en.wikipedia.org/wiki/Domain_name_system
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/994a06ed-0c01-0010-878b-e796a9060209
    Regards
    CSM Reddy

  • Different DNS domain name

    We have an architecture composed of two gateways and one portal/profile server; they are all responding under the same DNS domain name, "domainname.ca". The client is looking to install a third gateway under a different DNS domain name, "newdomainname.com", but wants to use the same portal/profile server.
    Is this possible, if so how?

    Hello,
    Try to edit the unknown server. After this click "Resolve". Your IP address will appear.
    Click OK and now your server will have an associated IP address.
    Regards.
    Seb.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Difference between 006 DNS Servers and 015 DNS Domain Name

    hi,
    What's the difference between 006 DNS Servers and 015 DNS Domain Name?
    please guide me.

    Hi
    Option 006 DNS servers           = IP Address of your DNS Server, e.g, 10.10.10.1
    Option 015 DNS Domain Name       = test.local, your domain name.
    Hope this helps.

  • DNS domain name to calculate FQDN

    Hi ,
    I am stuck at the define parameters step while installing NetWeaver on Windows Server 2008 R2 with MS SQL 2008.
    At this step it says "you have entered an invalid value in the highlighted field".
    I don't have any exposure to Windows 2008 R2 server; I think it's to change the workgroup to a domain name?
    Does anyone know what steps I need to follow?

    Hi Sunny Pahuja,
    Thanks for your response
    I am actually creating a POC environment for SSO (single sign-on project); this is the first server. I resolved the issue myself.
    I was installing on a Windows 2008 server in a workgroup; I just converted the member server to a domain controller
    and could move a step further with the NetWeaver install.

  • Change hostname to registered DNS domain name in URL

    Hi all,
    We have just done a new install of IAS 1.0.2.1.
    Now the server is responding on the hostname, e.g. http://myserver. We have a registered domain name, e.g. www.ourdomain.com, and we want to apply it to our application server.
    I know that I have to change the httpd.conf file. What are the next steps?
    Thanks Marcin

    Marcin,
    Run the ssodatan script from the OS command line to associate your new domain with the portal and login server. To see the parameters/options required by ssodatan, run ssodatan without any options. A slightly more detailed explanation of ssodatan is in the Oracle Portal Configuration Guide.
    Best,
    Jay

  • AD Migration from NT 4.0 using New Domain Name & Unity UM

    The customer currently has Unity 3.1(5) UM with Exchange 5.5 in NT 4.0 domain. They will be migrating to AD 2000 during phase 1 of the project, which will be followed by Unity upgrade to 4.0(4) a few weeks afterwards.
    During the phase 1, Exchange 2003 will be introduced, but the mailboxes will remain in Exchange 5.5 until phase 2.
    Here is the migration path proposed by the customer for the phase 1.
    1. Current DNS will be isolated to a W2K server with the new domain defined in the DNS. All servers will point to this DNS server as their primary.
    2. A BDC will be setup and then removed from our network.
    3. Our PDC will be upgraded to Windows 2000 server. AD will be setup with a new domain of XXX.PRV
    4. Service packs will be applied to the server.
    5. The AD connector will be installed for Exchange 5.5
    6. An additional W2K server will be brought online as a DC and additional global catalog.
    I do realize that domain name change is not supported for Unity, but would this have any impact on Unity? Basically, the PDC that will be upgraded to W2K DC will retain old domain name (XXX_NT) as the NetBios name whereas the new DNS domain name will be XXX.PRV.
    Since Unity does not need to talk to AD or Exchange 2003 at all until the phase 2, I’m thinking this would be okay, but wanted to get some expert opinions on it. Also, the customer has tested some legacy servers in the lab, and they were able to authenticate against the XXX_NT domain name in the new XXX.PRV AD environment.
    Phase 2 will consist of the following tasks.
    1. Run DB Walker.
    2. Back up using DiRT.
    3. Extend AD schema.
    4. Upgrade Unity to 4.0(4).
    5. Disconnect Unity from Exchange 5.5.
    6. Upgrade Exchange System Manager on Unity.
    7. Re-establish Exchange partner relationship using Exchange 2003.
    8. Run DB Walker.
    9. Move Exchange 5.5 mailboxes to Exchange 2003.
    Thank you bunch!
    Han

    Your project (from oh so long ago) looks very similar to what I am proposing to do now.  I currently run Cisco Unity 4.0.4 SR1 with Exchange 5.5 (Unified Messaging), on an NT4 network.  I have recently upgraded my network to Windows 2003 with Active Directory.  I am building a new Exchange 2003 server in the new domain but not upgrading Unity 4.0.4--at least, not yet.  I am looking to change the Partner Exchange server to point at the new Exchange server.  I see no docs that cover such a scenario--only lateral moves (5.5 to 5.5, 2003 to 2003).  As long as the ADC is in place, do you think I even have to change the Partner server when my new Exchange server comes online (initially)?  How did your project turn out?  Did you have to change the process you outlined above?
    Thanks for any info!
    John

  • How can I find the currently logged-in domain name on Windows?

    Dear,
    I've a program that queries some user account information from A.D.
    But I don't want to hard code anything.
    I've read some previous posts about using LDAP, and using DNS queries to find all LDAP servers of A.D.
    But how can I get the A.D. domain name in Java?
    For example:
    ldap://_ldap._tcp.xxxx.yyyy
    I want to get "xxxx.yyyy" from the logged-in user account. Is it possible in Java?

    You could use the NTSystem class to derive the NetBIOS domain name, however without doing some gymnastics it isn't easy to derive the fully qualified domain name.

        import com.sun.security.auth.module.NTSystem;

        // Prints the NetBIOS (short) domain of the logged-on Windows user.
        class NTDomain {
            public static void main(String[] args) {
                NTSystem system = new NTSystem();
                String domain = system.getDomain();
                System.out.println("Domain: " + domain);
            }
        }

    The only other alternatives could be to check the domain suffix of the user principal that was authenticated via Kerberos ....

        import javax.security.auth.login.LoginContext;
        import javax.security.auth.login.LoginException;

        // searchkrb5 and SampleCallbackHandler are the poster's own classes.
        LoginContext lc = null;
        try {
            lc = new LoginContext(searchkrb5.class.getName(), new SampleCallbackHandler());
            lc.login();
        } catch (LoginException le) {
            System.out.println("Logon failed: " + le);
            System.exit(-1);
        }
        System.out.println("Authenticated via GSS-API");
        System.out.println("User: " + lc.getSubject().getPrincipals().toString());

    however I think that you still have to specify the Kerberos realm in the app's configuration file.
    Another alternative could be to make assumptions about the machine's hostname, however one day an assumption will always be proven wrong (e.g. the machine's DNS domain name does not need to match the Active Directory domain).
    Unless there is a Java API to read the Windows registry or extract Kerberos ticket information from the Windows Kerberos ticket cache, you may be kind of stuck.

  • Attaching a Domain name

    I recently purchased a domain name and now I want to attach it to an actual site I've been working on. My dad owns the web space and I've established a link from his site to my own, but I don't know how to attach the domain to the actual site. If someone could point me in the right direction I would appreciate it.

    In general, an account has to be set up on the hosting for this domain, and you set the DNS (Domain Name Servers) at the domain name registrar to the name server for that hosting.
    If the hosting account has a WHM web hosting control panel, add the account there.

  • Intel vPro with wired 802.1x issue with domain name

    Hello guys,
    This issue may not be related to SCCM directly, but the Intel forums are really poor so I'd like to ask here...
    The case: we are currently provisioning our vPro chips with SCCM SP2 R3 and almost everything worked as expected (provisioning OK, OOB console OK, power control OK, even TLS and Kerberos are working). But there is an issue with the 802.1x authentication. It seems the vPro chips are not using the correct domain name. Let's say our DNS domain name is vpro.com and the NetBIOS name is corpvro. There are no child or other domains. The vPro chips are now presenting
    vpro\COMPUTERNAME$iME instead of vpro.com or corpvro,
    so the RADIUS server (Windows Server 2008 R2 NPS) is saying Reason Code 7 "...domain is not existing...". AuthenticationType and EAP type are correct. Usually user and computer accounts are using corpvro as the domain name.

    Hi Dan,
    Thank you for your reply. I've already done this in the second place using the SDK and WinRM ($8021XProfileInstance.GetProperty("Domain")). I've no idea where SCCM is getting this domain name from. It's cutting off the top level domain extension;
    maybe SCCM is assuming that this equals the NetBIOS domain name, but that is not the case. This is only a guess; in detail I need to know on what basis SCCM is choosing the domain name, then I can fix this...
    Intel's SCS puts the correct NetBIOS domain name in the AMT config; the certificates used are the same...

  • ISE redirect to the wrong domain name

    Hello guys,
    We changed the domain name of the ISE appliance and it started giving us grief. It was configured to redirect wireless users to the web registration and authentication portal. We properly added all required A records in the DNS server and looked everywhere but didn't find anything that could give any clue.
    Perhaps the old FQDN got stuck somewhere in the database.
    Any idea? Please help !!!

    Case Solution:
    Connecting to the Active Directory Domain
    To reconnect with the Active Directory domain, complete the following steps:
    Step 1    Choose Administration > Identity Management > External Identity Sources.
    Step 2    From the External Identity Sources navigation pane on the left, click Active Directory.
    Step 3    Enter the domain name in the Domain Name text box.
    Step 4    Enter a friendly name in the Identity Store Name text box for your Active Directory identity source (by default, this value will be AD1).
    Step 5    Click Save Configuration.
    Step 6    To verify that your Cisco ISE node can be connected to the Active Directory domain, click Test Connection. A dialog box appears and prompts you to enter the Active Directory username and password.
    Step 7    Enter the Active Directory username and password and click OK.
    A dialog box appears with the status of the test connection operation.
    Step 8    Click OK.
    Step 9    Click Join to join the Cisco ISE node to the Active Directory domain.
    The Join Domain dialog box appears.
    Step 10   Enter your Active Directory username and password, and click OK.
    Step 11   Check the Enable Password Change check box to allow the user to change their password.
    Step 12   Check the Enable Machine Authentication check box to allow machine authentication.
    Step 13   Check the Enable Machine Access Restrictions (MARs) check box to ensure that the machine authentication results are tied to the user authentication and authorization results. If you check this check box, you must enter the Aging Time in hours.
    Step 14   Enter the Aging Time in hours if you have enabled MARs.
    This value specifies the expiration time for machine authentication. If the time expires, the user authentication fails. For example, if you have enabled MARs and enter a value of 2 hours, the user authentication fails if the user tries to authenticate after 2 hours.
    Step 15   Click Save Configuration.
    Step 16   Create a Certificate Authentication Profile.
    Step 17   Import CA Certificates into the ISE Certificate Trust Store.
    Step 18   Configure CA Certificates for Revocation Status Check.
    Step 19   Enable Client Certificate-Based Authentication.
    Please check the link below for certificate configuration:
    http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_admin.html#wp1122804

  • ISE node registering after change domain-name

    At a customer site I changed the domain name of our 4 ISE servers before they were registered to any deployment. I regenerated a self-signed certificate and started to register the other nodes to the deployment. This went well for the 2 PSN nodes, which have an IP address in a different subnet. I tried to register the presumed secondary PAN/MnT node and got the following error message:
    "Node being registered has FQDN 'ISE-PAN-AP02.office.intern' which cannot be resolved. Please check your DNS configuration."
    My DNS config is in order.
    Can anyone please tell me what could possibly be the cause of this?

    Please check these prerequisites:
    • The fully qualified domain name (FQDN) of the standalone node that you are going to register, for example, ise1.cisco.com, must be DNS-resolvable from the primary Administration ISE node. Otherwise, node registration will fail. You must enter the IP addresses and FQDNs of the ISE nodes that are part of your distributed deployment in the DNS server.
    • The primary Administration ISE node and the standalone node that you are about to register as a secondary node should be running the same version of Cisco ISE.
    • Node registration fails if you provide the default credentials (username: admin, password: cisco) while registering a secondary node. Before you register a standalone node, you must log into its administrative user interface and change the default password (cisco).
    • You can alternatively create an administrator account on the node that is to be registered and use those credentials for registering that node. Every ISE administrator account is assigned one or more administrative roles. To register and configure a secondary node, you must have one of the following roles assigned: Super Admin, System Admin, or RBAC Admin. See Cisco ISE Admin Group Roles and Responsibilities for more information on the various administrative roles and the privileges associated with each of them.
    • If you plan to register a secondary Administration ISE node for high availability, we recommend that you register the secondary Administration ISE node with the primary first before you register other Cisco ISE nodes. If Cisco ISE nodes are registered in this sequence, you do not have to restart the secondary ISE nodes after you promote the secondary Administration ISE node as your primary.
    • If you plan to register multiple Policy Service ISE nodes running Session services and you require mutual failover among those nodes, you must place the Policy Service ISE nodes in a node group. You must create the node group first before you register the nodes because you need to select the node group to be used on the registration page. See the "Creating, Editing, and Deleting Node Groups" section for more information.
    • Ensure that the Certificate Trust List (CTL) of the primary node is populated with the appropriate Certificate Authority (CA) certificates that can be used to validate the HTTPS certificate of the standalone node (that you are going to register as the secondary node). See the "Creating Certificate Trust Lists in the Primary Cisco ISE Node" section on page 12-24 for more information.
    • After registering your secondary node to the primary node, if you change the HTTPS certificate on the registered secondary node, you must obtain appropriate CA certificates that can be used to validate the secondary node's HTTPS certificate and import them to the CTL of the primary node. See the "Creating Certificate Trust Lists in the Primary Cisco ISE Node" section on page 12-24 for more information.
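The DNS state that the first prerequisite above and the earlier "check the forward zone and reverse zone" advice call for can be checked mechanically before a node is registered. This is an added example, not Cisco's or any poster's code; apart from ISE-PAN-AP02.office.intern, the node names, addresses and zone contents are constructed, and the resolver functions are injected so the sample runs offline (the live_* functions use the system resolver for a real check).

```python
"""Preflight DNS check for ISE node registration (added example).
Each node's FQDN must resolve to its address from the resolver the primary PAN uses,
and the address should resolve back to the same FQDN, or registration fails."""
import socket


def live_forward(fqdn):
    """Forward (A) lookup via the system resolver; returns a set of IPv4 strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(fqdn, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


def live_reverse(ip):
    """Reverse (PTR) lookup via the system resolver; returns the name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_node(fqdn, expected_ip, forward=live_forward, reverse=live_reverse):
    """Findings for one node; an empty list means DNS is ready for registration."""
    findings = []
    fqdn = fqdn.rstrip(".").lower()
    if "." not in fqdn:
        findings.append("hostname has no domain part, not an FQDN")
    addrs = forward(fqdn)
    if not addrs:
        findings.append("no A record: FQDN cannot be resolved")
    elif expected_ip not in addrs:
        findings.append("A record gives %s, expected %s" % (sorted(addrs), expected_ip))
    ptr = reverse(expected_ip)
    if ptr is None:
        findings.append("no PTR record for %s" % expected_ip)
    elif ptr.rstrip(".").lower() != fqdn:
        findings.append("PTR for %s is %s, not %s (stale reverse zone?)" % (expected_ip, ptr, fqdn))
    return findings


def preflight(nodes, forward=live_forward, reverse=live_reverse):
    """nodes: {fqdn: ip}. Returns {fqdn: findings} for every node that is not ready."""
    report = {}
    for fqdn, ip in nodes.items():
        findings = check_node(fqdn, ip, forward, reverse)
        if findings:
            report[fqdn.rstrip(".").lower()] = findings
    return report


# Constructed zone data mirroring the post: nodes were renamed, the forward zone
# was updated, but one PTR still carries the old domain and one node was missed.
SAMPLE_FORWARD = {
    "ise-pan-ap02.office.intern": {"10.1.1.12"},
    "ise-psn-ap01.office.intern": {"10.1.2.21"},
}
SAMPLE_REVERSE = {
    "10.1.1.12": "ise-pan-ap02.olddomain.intern",  # stale PTR after the rename
    "10.1.2.21": "ise-psn-ap01.office.intern",
}
NODES = {
    "ISE-PAN-AP02.office.intern": "10.1.1.12",
    "ise-psn-ap01.office.intern": "10.1.2.21",
    "ise-mnt-ap01.office.intern": "10.1.1.13",  # no forward or reverse record at all
}


def sample_report():
    """Run the preflight against the constructed zone instead of real DNS."""
    return preflight(NODES, lambda name: SAMPLE_FORWARD.get(name, set()), SAMPLE_REVERSE.get)
```

Run the check from the primary PAN's network position (or with its resolver configured), since that is where the registration lookup happens; a clean local workstation resolver proves nothing.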
