Meraki

Community

Change of AD site generating WMI errors on MX security appliance

INS
New here
‎Feb 1 2023 12:28 PM
‎Feb 1 2023 12:28 PM

Change of AD site generating WMI errors on MX security appliance

Hello-

I work for an organization that has geographically changed from two physical sites to a single physical site.  Two domain controllers are located on the remaining site.  Previously, AD Sites and Services had two sites, one defined for each physical location.  As of a week ago, only one physical site existed in AD Sites and Services - for the remaining location (SiteA).  Seeing as there is only one physical site remaining, I saw no need to keep SiteA and moved all AD-related objects to Default-First-Site-Name and then deleted SiteA.  In other words, I set everything back to out-of-the-box defaults.

 

I did not see any impact on other Active Directory operations.  However, I now am seeing a WMI error under on my Meraki MX security appliance under Security & SD WAN-->Active Directory Authentication-->Active Directory Servers.  I implemented the fixes in this article, without success:  Active Directory Issue Resolution Guide - Cisco Meraki.

 

Suggestions?

Thanks

0 Kudos
3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 1 2023 12:32 PM
‎Feb 1 2023 12:32 PM

Check all required settings:

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
INS
New here
‎Feb 1 2023 2:01 PM
‎Feb 1 2023 2:01 PM

1.  In AD Sites and Services, the site is Default-First-Site-Name.  This is the only site.  There is a single subnet - 192.168.11.0/24.

2.  Security auditing has been verified as both Success and Failure enabled on the Default Domain Controllers Policy.

3.  The Global Catalog role has been enabled on both of the two DCs.

4.  I digital certificate for both domain controllers was located under Personal-->Certificates.  The certificates are valid.

5.  The certificates meets the requirements for TLS.

0 Kudos
In response to INS
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 2 2023 2:34 AM
‎Feb 2 2023 2:34 AM

So, all settings are good, my suggestion is to open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.