Cisco Cisco Prime Network Registrar 8.1 User Guide
Cisco Prime Network Registrar IPAM 8.1.1 User Guide
180 Administrators “How to” Section
2. Create a new user and set the password.
3. Once user is created, right-click on the user and choose
3. Once user is created, right-click on the user and choose
Properties.
4. Choose the
Account tab.
5. Select the following checkboxes:
Use DES encryption types for this account
Do not require Kerberos preauthentication
Note: Due to various configuration options with MS AD security, if Cisco Prime Network
Registrar IPAM cannot authenticate with MS AD, and you receive
SERVFAIL
messages in the
Cisco Prime Network Registrar IPAM Agent log file when performing a DDNS
Configuration/Deployment, you must deselect
Do not require Kerberos preauthentication.
If the option is enabled for Windows 2008, the DDNS push task completes with the
following error “The operation was refused by the server”.
6. Save the changes by clicking
OK.
7. Right-click on the user and choose
Reset Password, and set the password again.
7.4.3 Cisco Prime Network Registrar IPAM
Follow these steps:
Follow these steps:
1. Navigate to
System >Network Services Policies & Options > Server Pairs.
2. Create a server pair and ensure the following:
Realm name is in all capital letters
Realm name matches the realm used in Active Directory
User name and password match the case used in Active Directory
7.4.4 Other Considerations
Follow these steps:
Follow these steps:
1. If the Executive is running on UNIX, ensure that the FQDN of the AD server
appears
before the short hostname in /etc/hosts. Ex:
10.30.8.46 adsrvr.example.com adsrvr
2. The AD account can be either a normal user or a service account
3. The AD account must be allowed “Full Control” to each domain that is to be
3. The AD account must be allowed “Full Control” to each domain that is to be
dynamically updated.
4. Target server must be in Notify List
5. Target server must be in Zone Transfer list.
5. Target server must be in Zone Transfer list.