Monday, November 25, 2019

Failed TACACS+ Authentication When Attempting Multiple Simultaneous SSH Sessions [Cisco ISE]

Hi,

I have TACACS+ set up on Cisco ISE 2.2 and the profile is set up to authenticate users against AD. When I attempt to run a backup job on my SolarWinds Network Configuration Manager, only 2 or 3 devices are successfully backed up out of 45. Looking at the logs in ISE, it says that the user was not found, despite it being "found" for 3 of the attempts.

To try and see what was going on, I attempted this using a Python script which would launch 45 simultaneous SSH sessions (multithreaded) and return the value of a show command for each session. This also failed, except for a few attempts. So, after trial and error, I introduced a 3-second delay between each thread, meaning ISE would only see one auth attempt every 3 seconds from this user, which got things to work: all 45 sessions authenticated successfully.

At this point, I figure it has to be something going wrong in the communication between ISE and the AD server. To prove this I set up an internal username on ISE and used it to run the test without the 3-second delays. The result was that the Python script worked for all sessions, and my NCM server was also able to complete the whole backup job without issues using this internal user.

So I guess my question is: has anyone run into a similar issue? Does Microsoft AD have an issue with authenticating the same user over and over in a very short time span?
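The staggered launcher the post describes, as an added example that is not the poster's script or anything from Cisco ISE or SolarWinds NCM. It runs one thread per device, optionally spaced `delay` seconds apart, and reports which hosts failed so the list can be lined up against the ISE live log. Because real SSH and TACACS+ cannot run offline, the per-host work is a `session(host)` callable; `FakeAuthBackend` is a constructed stand-in that rejects any login arriving while too many are still in flight. It is an assumption used only to make the burst-versus-staggered difference visible, not a model of how ISE or AD actually behaves. Host names and timings are made up.

```python
"""Stagger concurrent device logins and count which ones succeed.

Added example, not the original poster's script. The SSH work is abstracted
into a `session(host)` callable so the launcher can be exercised offline.
"""
import threading
import time
from typing import Callable, Dict, List, Tuple, Union


class AuthFailed(Exception):
    """Raised by the session callable when the login is rejected."""


class FakeAuthBackend:
    """Constructed stand-in for the ISE -> AD path (assumption, not real ISE
    behaviour): a login is rejected if `max_in_flight` logins for the user are
    still being processed, each taking `service_time` seconds."""

    def __init__(self, max_in_flight: int = 3, service_time: float = 0.2):
        self.max_in_flight = max_in_flight
        self.service_time = service_time
        self._in_flight = 0
        self._lock = threading.Lock()

    def login_and_show(self, host: str) -> str:
        """Pretend to log in to `host` and run a show command."""
        with self._lock:
            if self._in_flight >= self.max_in_flight:
                raise AuthFailed(f"{host}: user not found")
            self._in_flight += 1
        try:
            time.sleep(self.service_time)  # simulated directory lookup
            return f"{host}: show version ok"
        finally:
            with self._lock:
                self._in_flight -= 1


def run_staggered(hosts: List[str],
                  session: Callable[[str], str],
                  delay: float = 0.0) -> Dict[str, Union[str, Exception]]:
    """Run session(host) in one thread per host, starting the threads `delay`
    seconds apart. delay=0 reproduces the all-at-once burst."""
    results: Dict[str, Union[str, Exception]] = {}
    lock = threading.Lock()
    threads: List[threading.Thread] = []

    def worker(host: str) -> None:
        try:
            outcome: Union[str, Exception] = session(host)
        except Exception as exc:  # record the failure, keep the run going
            outcome = exc
        with lock:
            results[host] = outcome

    for i, host in enumerate(hosts):
        if i and delay > 0:
            time.sleep(delay)  # the knob the post describes (3 s in the real run)
        t = threading.Thread(target=worker, args=(host,), name=host)
        t.start()
        threads.append(t)
    for t in threads:
        t.join()
    return results


def summarize(results: Dict[str, Union[str, Exception]]) -> Tuple[int, List[str]]:
    """Return (number of successful hosts, sorted list of failed hosts)."""
    ok = sum(1 for r in results.values() if isinstance(r, str))
    failed = sorted(h for h, r in results.items() if isinstance(r, Exception))
    return ok, failed


if __name__ == "__main__":
    # Constructed device list; the real job had 45 devices.
    hosts = [f"sw{i:02d}" for i in range(12)]
    for delay in (0.0, 0.4):
        backend = FakeAuthBackend(max_in_flight=3, service_time=0.2)
        ok, failed = summarize(run_staggered(hosts, backend.login_and_show, delay))
        print(f"delay={delay}s: {ok}/{len(hosts)} ok, failed={failed}")
```

For the real test, `FakeAuthBackend.login_and_show` would be replaced by a function that opens the SSH session to the device and runs the show command (for example with a library such as paramiko); the launcher and the delay setting stay the same. Comparing the `failed` list from a burst run against the ISE live log shows whether every rejected host maps to a "user not found" entry for the AD user, which is the symptom the post describes.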
