Cisco Cisco ASA 5525-X Adaptive Security Appliance Manuale Tecnico
integration fails. A message 'Connection failed with error: Join returned DNS_ERROR_BAD_PACKET'
displays when you click Test Connection:
displays when you click Test Connection:
If the Next−Generation Firewall cannot resolve the IP address for the domain configured, check the DNS
settings on the Next−Generation Firewall with the show dns and nslookup commands in order to confirm that
the hostname is resolvable by the device and that the DNS settings are correct.
settings on the Next−Generation Firewall with the show dns and nslookup commands in order to confirm that
the hostname is resolvable by the device and that the DNS settings are correct.
Network Connectivity Problems Between the Next−Generation Firewall
and the Active Directory Server
and the Active Directory Server
If the Next−Generation Firewall is unable to connect to the Active Directory server (due to a network problem
or a firewall setting on the machine), the integration fails. This could be caused if the connectivity on TCP
port 389 is blocked by a device (such as a firewall or router) between the Next−Generation Firewall and the
Active Directory server.
or a firewall setting on the machine), the integration fails. This could be caused if the connectivity on TCP
port 389 is blocked by a device (such as a firewall or router) between the Next−Generation Firewall and the
Active Directory server.
A message 'Connection failed with error: Join returned NERR_DCNotFound' displays when you click Test
Connection:
Connection:
If you see this message:
Confirm that the Next−Generation Firewall has basic IP connectivity to the server with the ping,
nslookup and traceroute commands from the CLI.
nslookup and traceroute commands from the CLI.
•
Verify that the firewall configured on the Active Directory server is configured in order to block the
connectivity from the Next−Generation Firewall on TCP port 389.
connectivity from the Next−Generation Firewall on TCP port 389.
•