Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
2
Replies

ISE RODC working case

Qingguo Zhang
Cisco Employee
Cisco Employee

‎09-26-2018 08:49 AM

Hello experts

 

Customer would like to set up a new RODC to integrate with ISE in their DC ,  this is to minimize the impact for normal AD in production .  As per previous discussion and documentation on ISE ,  RODC works only primary DC (ISE joined) is failure and having some limitation ,  

https://community.cisco.com/t5/identity-services-engine-ise/cisco-ise-rodc/td-p/3450318

 

1. If ISE joined regular DC first  in a setup with RODC , then disconnect regular DC and ISE joined to RODC,  My testing on this is unsuccessful (still in troubleshooting) ,     what is detailed working scenario with RODC ?  

2. if RODC is not working with MS-CHAPv2 ,  then most popular 802.1x may not  be working , is it true ?

 

thanks

Qingguo

0 Helpful
2 Replies 2

Timothy Abbott
Cisco Employee
Cisco Employee

‎09-26-2018 08:58 AM

In the community thread you mentioned, the RODC can only be used as a backup for the supported operations. If ISE does use a RODC in a site where ISE is joined to a regular DC, then it will be subject to those RODC limitations.

Regards,
Tim
0 Helpful

Qingguo Zhang
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎09-26-2018 05:57 PM

Could you provide detailed steps or conditions for RODC testing?

What about 2nd question?
0 Helpful
Customers Also Viewed These Support Documents