https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166738#M591445 <P>Thanks for the response, Rob!&nbsp; the DC's and ISE servers are all in sync timewise.&nbsp; It will go through the point of creating an object in AD&gt;&nbsp; It will then give an error "Cannot Join with DC (name of device), searching for another DC"&nbsp;&nbsp;</P><P>&nbsp;</P><P>The Creds are valid and the user appears to have access if it is creating the object.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Any Idea what is causing this? I cannot create the Dot1x policies without this</P> Tue, 27 Aug 2024 19:35:09 GMT kyle311 2024-08-27T19:35:09Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166622#M591439 <P>I have a client who has 2 cisco ise 3.2 servers.&nbsp; When we try to join the first server to AD, it will fail out halfway through.&nbsp; There is connectivity between the ISE server and AD, as the network object will be created.&nbsp; However, the process dies out.</P><P>&nbsp;</P><P>Any suggestions on what may be causing this?</P> Tue, 27 Aug 2024 16:10:54 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166622#M591439 kyle311 2024-08-27T16:10:54Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166624#M591440 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1576730">@kyle311</a> is ISE and Active Directory time in sync, the maximum time difference between AD and ISE can be is 5 minutes. <A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215233-identity-service-engine-ise-and-active.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215233-identity-service-engine-ise-and-active.html</A></P> <P>Does ISE provide an error?</P> <P>Can ISE resolve the AD DNS names?</P> <P>&nbsp;</P> Tue, 27 Aug 2024 16:16:23 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166624#M591440 Rob Ingram 2024-08-27T16:16:23Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166738#M591445 <P>Thanks for the response, Rob!&nbsp; the DC's and ISE servers are all in sync timewise.&nbsp; It will go through the point of creating an object in AD&gt;&nbsp; It will then give an error "Cannot Join with DC (name of device), searching for another DC"&nbsp;&nbsp;</P><P>&nbsp;</P><P>The Creds are valid and the user appears to have access if it is creating the object.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Any Idea what is causing this? I cannot create the Dot1x policies without this</P> Tue, 27 Aug 2024 19:35:09 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166738#M591445 kyle311 2024-08-27T19:35:09Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166748#M591447 <P>Also, yes, ISE can resolve DNS names.&nbsp; devices can resolve the servers by FQDN, also</P> Tue, 27 Aug 2024 19:51:48 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166748#M591447 kyle311 2024-08-27T19:51:48Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166993#M591462 <P>Hi Kyle311,</P><P>I once ran into this issue as well. Is there a firewall between the ISE servers and AD? If so, make sure that all mentioned ports are allowed in the firewall. Besides that, you mentioned that there are DNS entries created, did you also created the pointer records?</P><P>&nbsp;</P><P>Best of luck.</P> Wed, 28 Aug 2024 09:10:37 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5166993#M591462 Abdullah@LTI 2024-08-28T09:10:37Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5167148#M591474 <P>Hey Abdullah!</P><P>Thank you for your response.&nbsp; Unfortunately, there doesn't appar to be a firewall between the ISE Servers and the AD servers.&nbsp; The DNS and pointers are in place.&nbsp; I can ping the DC's fqdn from the servers command line.&nbsp; I can ping the ise server from the dc by fqdn. It makes absolutely no sense to me</P> Wed, 28 Aug 2024 13:38:55 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5167148#M591474 kyle311 2024-08-28T13:38:55Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5167161#M591478 <P>Can you share some screenshots and maybe the errors?</P> Wed, 28 Aug 2024 14:08:36 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5167161#M591478 Abdullah@LTI 2024-08-28T14:08:36Z https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5167168#M591483 <P><A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217351-ad-integration-for-cisco-ise-gui-and-cli.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217351-ad-integration-for-cisco-ise-gui-and-cli.html</A></P> <P>Use cli debug and share result here&nbsp;</P> <P>Thanks&nbsp;</P> <P>MHM</P> Wed, 28 Aug 2024 14:23:25 GMT https://community.cisco.com/t5/network-access-control/ise-server-will-not-join-ad/m-p/5167168#M591483 MHM Cisco World 2024-08-28T14:23:25Z