topic Re: ISE Integrate AD fail in Network Access Control

ISE Integrate AD fail

Jacky88 — Fri, 02 Jan 2026 11:07:22 GMT

ISE Version 3.3
DNS Server (windows 2025 server) 192.168.3.5

Please see the error message

Error Description: Failed to find domain controller, please check network connectivity

Support Details...
Error Name: LW_ERROR_FAILED_FIND_DC
Error Code: 40049

Hello Boss,

Can you help me to fix this issue ?

Thanks a lot

Detailed Log:

Error Description :
Failed to find domain controller in domain CN.TT.COM : domain does not exists in DNS

Error Resolution :
Please make sure that your DNS contains records for domain : CN.TT.COM, For further information please refer to the AD DNS diagnostic tools

Join steps :
18:30:45 Joining to domain CN.TT.COM using user ISE_Join
18:30:45 Searching for DC in domain CN.TT.COM
18:30:45 Failed to find domain controller in domain CN.TT.COM : domain does not exists in DNS

Re: ISE Integrate AD fail

balaji.bandi — Fri, 02 Jan 2026 12:31:20 GMT

What details do you get from the error screenshot? Join operation status (click here for further details).

ISE 3.3 with what patch?

Check Port Connectivity - Verify that ports 53 (DNS), 88 (Kerberos), 389 (LDAP), and 445 (SMB) are not blocked by a firewall between ISE and the DC

Hope the account you're using has the necessary permissions to join the domain.

Check FN, is that affecting you :

https://www.cisco.com/c/en/us/support/docs/field-notices/743/fn74321.html

check some other steps to test :

https://learningnetwork.cisco.com/s/question/0D53i00000KstwtCAB/ise-integration-with-ad

Re: ISE Integrate AD fail

Jacky88 — Fri, 02 Jan 2026 12:58:44 GMT

Hi Boss @balaji.bandi ,
Please kindly find info from firewall and ISE.
Could you please kindly take a look ? Thanks a lot

Firewall has been allowed all for inbound.

Test command error

Re: ISE Integrate AD fail

balaji.bandi — Fri, 02 Jan 2026 14:22:20 GMT

i was asking firewall not on the windows Server, any other Firewall which is blocking to reach AD from ISE.

your nslookup fails, check is the ISE have correct DNS and NTP entries ?

show running-config | include name-server

ping <DNS-server-IP>

nslookup google.com

Re: ISE Integrate AD fail

Cristian Matei — Sun, 04 Jan 2026 17:03:00 GMT

Hi,

Based on provided information, it looks to be a misconfiguration on DNS server side; please check this post and find the solution (did you add DNS service before enabling AD DS services on the server, or is AD DS services enabled at all?): https://learningnetwork.cisco.com/s/question/0D53i00000KstwtCAB/ise-integration-with-ad

Thanks,

Cristian.

Re: ISE Integrate AD fail

Karsten Iwen — Sun, 04 Jan 2026 19:50:44 GMT

IMO, support for Windows Server 2025 started officially with ISE 3.5 (with some extra patches):

https://www.cisco.com/c/en/us/td/docs/security/ise/3-5/compatibility_doc/b_ise_sdt_35.html#externalidstores

But it should also work with older ISE versions after applying the hotfixes outlined in CSCwn62873.