https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/4780263#M580009 <P>Dear members,</P> <P>Could you share the solution to this please ?</P> Wed, 22 Feb 2023 08:20:45 GMT paulbangda 2023-02-22T08:20:45Z https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/3894313#M541367 <P>Dear Members,</P><P>&nbsp;</P><P>I am facing issue while joining to domain, it is giving below error. Please help how can i resolve this issue. The user ABC is authorized to join the domain. NTP is also synchronized</P><P>&nbsp;</P><P>Error Description: Access is denied<BR /><BR />Support Details...<BR />Error Name: ERROR_ACCESS_DENIED<BR />Error Code: 5</P><P>Detailed Log:<BR />12:57:31 Joining to domain XXXXDOMAIN.LOCAL using user ABC<BR />12:57:31 Checking credentials for user ABC<BR />12:57:31 Getting TGT for account ABC@XXXXDOMAIN.LOCAL<BR />12:57:31 TGT for account ABC@XXXXDOMAIN.LOCAL was retrieved successfully<BR />12:57:31 Credentials for user ABC were verified<BR />12:57:31 Searching for DC in domain XXXXDOMAIN.LOCAL<BR />12:57:31 Found DC: xxxxdc01.xxxxdomain.local , client site is Head-Office , dc site is Head-Office</P> Sun, 21 Jul 2019 10:03:46 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/3894313#M541367 munzirk 2019-07-21T10:03:46Z https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/3894479#M541368 <P>You might be using an older ISE release, as I expected the error would have indicated more details (see my example below). If you just learning on your own and not entitled to open a TAC case, then please enable TRACE on the component active directory, retry this join operation, and check the log file ad_agent.log. Also, you should be able to enable some auditing in AD and please seek Microsoft support if you need any help on that.</P> <P>Here is my error example:</P> <PRE><FONT size="1 2 3 4 5 6 7">Error Description: Access Is Denied Support Details... Error Name: ERROR_ACCESS_DENIED Error Code: 5 Detailed Log: Error Description : Cannot Open Machine Account ISE-1$ : Access Denied. Error Resolution : Please Make Sure That User Employee1 Has Sufficient Permissions To Change Account ISE-1$ Join Steps : 01:50:11 Joining To Domain DEMO.LOCAL Using User Employee1 01:50:11 Checking Credentials For User Employee1 01:50:11 Getting TGT For Account Employee1@DEMO.LOCAL 01:50:11 TGT For Account Employee1@DEMO.LOCAL Was Retrieved Successfully 01:50:11 Credentials For User Employee1 Were Verified 01:50:11 Searching For DC In Domain DEMO.LOCAL 01:50:11 Found DC: Ad.demo.local , Client Site Is Default-First-Site-Name , Dc Site Is Default-First-Site-Name 01:50:11 Generating Account Name For ISE Machine In DEMO.LOCAL 01:50:11 Searching For An Existing Machine Account 01:50:11 Searching Object By Filter : (&amp;(objectCategory=computer)(servicePrincipalName=host/ise-1.demo.local)) 01:50:11 Account: Ise-1 Was Found 01:50:11 ISE Machine Account Name Is : ISE-1$ 01:50:11 Creating Machine Account ISE-1$ 01:50:11 Connecting To AD Using DC Ad.demo.local 01:50:11 Connection To Ad.demo.local Established 01:50:11 Opening Domain DEMO 01:50:11 Domain DEMO Was Opened Successfully 01:50:11 Machine Account: ISE-1$ Already Exists , Opening Account. 01:50:11 Cannot Open Machine Account ISE-1$ : Access Denied.</FONT></PRE> Mon, 22 Jul 2019 01:57:22 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/3894479#M541368 hslai 2019-07-22T01:57:22Z https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/3894480#M541369 <P>Another possibility is some kind of ISE system issue; e.g.&nbsp;CSCvk23793</P> Mon, 22 Jul 2019 01:58:49 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/3894480#M541369 hslai 2019-07-22T01:58:49Z https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/4134627#M562299 <P>Hi,&nbsp;</P><P>How did you solved it? I have exactly the same issue in version 2.6</P> Wed, 12 Aug 2020 15:06:38 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/4134627#M562299 Ivan Miranda 2020-08-12T15:06:38Z https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/4172168#M563483 <P>Did you folks ever share your solution?</P> Fri, 23 Oct 2020 00:16:37 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/4172168#M563483 Gerad Parent 2020-10-23T00:16:37Z https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/4780263#M580009 <P>Dear members,</P> <P>Could you share the solution to this please ?</P> Wed, 22 Feb 2023 08:20:45 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-active-directory-joining-issue/m-p/4780263#M580009 paulbangda 2023-02-22T08:20:45Z