09-04-2018 11:41 PM
Hi experts,
Does ISE automatically leave the Active Directory domain and re-join it during reboot if it is already joined?
Does ISE periodically communicate with the Active Directory DC after it has joined a domain?
I read "Active Directory Integration with Cisco ISE 2.x" below, but it only describes the behavior on application reset or configuration restore.
'When you reset the Cisco ISE application configuration from the command-line interface or restore configuration after a backup or upgrade, it performs a leave operation, disconnecting the Cisco ISE node from the Active Directory domain, if it is already joined.'
[Background]
My customer says they sometimes see "Not Operational" when checking the AD integration status in [Administrator]->[External Identity Source]->AD domain after an ISE reboot.
They say there seems to be no impact on user authentication during "Not Operational", but they are asking why ISE changes its status.
09-05-2018 09:03 AM
If this is the behavior seen by your customer in a production network, it is best handled by TAC. Please request your customer to open a TAC service request.
- Krish
09-05-2018 09:11 AM
Also, part of the reason your authentications may not be affected is that, by default, if the authentication process fails on a PSN, the PSN will drop the request and allow the NAD to fail over to another PSN.
As Krish said you definitely want to get a TAC case going.
09-05-2018 06:23 PM
Thanks for your comment.
I understand that the "Not Operational" status after an ISE reboot is not expected behavior and needs TAC assistance.
Do you have any comments on the queries below?
> Does ISE automatically leave the Active Directory domain and re-join it during reboot if it is already joined?
> Does ISE periodically communicate with the Active Directory DC after it has joined a domain?
If yes, I think the customer and I should check network accessibility between ISE and the AD controller more before opening an SR on ISE.