AD authentication with Meraki Agent not working

Solved
RickA
Here to help

AD authentication with Meraki Agent not working

Early last week we found that AD authentication was not working with a local network server and the Meraki Agent (ver. 3.1.1). We also attempted to create a case through our Meraki Dashboard and found we are unable to do so. We have placed numerous calls to Meraki, and have been waiting for approximately 4 days now to have the Meraki Developers look into this.

 

Issue 1:  we are unable to use AD authentication to the Meraki Agent (ver. 3.1.1) on a local network server. We rebooted the server, we have removed Windows patches installed approximately a week earlier and we can authenticate through the MX directly instead of the Meraki Agent.

 

Issue 2: we are unable to create a new Meraki Case through the Meraki Dashboard.

 

Anyone else experiencing similar issues, and have you been able to find a resolution? We know Meraki is working heartily on this, but this waiting game is much too long as we need to add several new devices and unable to authenticate properly.

1 Accepted Solution
RickA
Here to help

Pertaining to our two issues (1) AD authentication using SM Agent 3.1.1, this issue appears to be resolved. However, we have not received word from Meraki what the root cause and fix are as of yet.

 

For our second issue (2) unable to create new Meraki Case within the Meraki Dashboard, this issue appears to be resolved. However, we have not received word from Meraki what the root cause and fix are as of yet.

View solution in original post

6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal

I can't think of a setup that uses AD Authentication and needs a local agent.  What kind of configuration do you have?

 

Is the account you are using a "full" administrator?

If you create another administrator (or log in as a different administrator) and log in as that user are you able to create a case?

RickA
Here to help

@PhilipDAth- if your Meraki equipment is on a private network, and you allow users to "authenticate" for security sakes and to ensure not just anyone can get into your system you have to have some type of authentication method. We chose AD Authentication, which allows us to point our Meraki Dashboard to a network server. Within this network server you need to setup the Meraki Agent (latest version is 3.1.1). This ensures you restrict access to your network and enforces group policies based on membership in Active Directory groups.

 

In the event you were replying to "Creating a Meraki Case" these are Meraki accounts (AD authentication is the other issue). We have actually had three separate administrators all attempt to create a new Meraki Case and could not do so. We ended up calling into Meraki Support several times, always waiting for at least 30 minutes to have Support team members create the case for us. As outlined in my post, there are two separate issues.

EPSD_Robert
Conversationalist

Hey @RickA ,

 

We have had the same problem in our organization. We identified the problem on the morning of the 22nd and after troubleshooting our own network, then called Meraki.

 

The agent that we talked with let us know that there were other trouble calls coming in about this issue. We got some diag info to the rep and that was the end of it after we had a case opened. They did provide a work around (although it doesn't work for us as there are downstream things that rely on device enrollment) and that was to go into the network, the Systems Manager>Configure (tab)>General, then to look for the Enrollment Settings heading and unchecking the box next to Authentication.

 

This will cause your users not to have to enroll their device upon setup. If you need that device identified to a user, like we do, then you will need to go back to the device and assign the user manually. Not elegant, but necessary, at least for us.

 

I hope you have some luck.

RickA
Here to help

@EPSD_Robert - You are correct, the "End User authentication settings" is indeed where you setup how your users authenticate. The "AD gateway type" is where you setup your SM Agent to use Systems Manager installed on a Windows/Mac machine. Although we have the latest version, something we believe from the Meraki side broke and no longer works with this agent. Meraki Developers and Support confirmed this was the case, since they were able to reproduce the issue.

 

Unfortunately, another Engineer was working our case since I personally was doing some fire-fighting with staff. I believe Meraki had tested bypassing AD authentication by going directly to the MX (firewall), but I'm not 100% sure of the location to make that change. Just wondering if others were experiencing this issue and what steps they have taken to resolve. I appreciate your feedback, and will try to add any new notes from our Meraki Development team we may find.

RickA
Here to help

Pertaining to our two issues (1) AD authentication using SM Agent 3.1.1, this issue appears to be resolved. However, we have not received word from Meraki what the root cause and fix are as of yet.

 

For our second issue (2) unable to create new Meraki Case within the Meraki Dashboard, this issue appears to be resolved. However, we have not received word from Meraki what the root cause and fix are as of yet.

EPSD_Robert
Conversationalist

Hey @RickA,

 

I did end up getting a message from Meraki in the ticket that I had open that it was officially resolved, although we started seeing resolution before we were notified. We were not provided a reason why this happened either. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels