Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3588
Views
0
Helpful
3
Replies

Cisco ISE unable to join Active Directory

Go to solution
Elena.Madrigal
Level 1
Level 1

‎10-06-2020 01:49 AM

Hello guys

I have tried to integrate Cisco ISE 2.2.0.470, with an working Active directory, but  show the following error message.

Captura.JPG

 

I have checked several times the configuration but the problem persists. I have run the Test and none had failed.

Captura2.JPG

Any ideas please?

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎10-06-2020 06:33 AM

That error is a Kerberos error stating that the system could not write to the Kerberos credential cache which would be a file on the ISE node.  This could be a permissions issue, file not there, or not enough disk space.  On the ISE CLI, issue the show disks command and see if any of your partitions are full.  If not, then the only other thing it could be is some corruption with your installation.

If this is a new installation, check the MD5 hash of the installation source that you used to install the software.  If this is a VM node, make sure that VMware is not configured to do snapshots or vMotion of the ISE VM.  Those operations can cause corruption.  Your only options are to rebuild the node or work with TAC so they can verify if the Kerberos credential cache file is there.  My recommendation would be to rebuild since there could be other corrupted artifacts in the system.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎10-06-2020 02:36 AM

You have a problem with NTP sync. You need to make sure the ISE and AD are
synced to same server (or the time split isn't high). Otherwise, it will
not work.

**** please remember to rate useful posts
0 Helpful

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎10-06-2020 06:33 AM

That error is a Kerberos error stating that the system could not write to the Kerberos credential cache which would be a file on the ISE node.  This could be a permissions issue, file not there, or not enough disk space.  On the ISE CLI, issue the show disks command and see if any of your partitions are full.  If not, then the only other thing it could be is some corruption with your installation.

If this is a new installation, check the MD5 hash of the installation source that you used to install the software.  If this is a VM node, make sure that VMware is not configured to do snapshots or vMotion of the ISE VM.  Those operations can cause corruption.  Your only options are to rebuild the node or work with TAC so they can verify if the Kerberos credential cache file is there.  My recommendation would be to rebuild since there could be other corrupted artifacts in the system.

0 Helpful

Go to solution
Elena.Madrigal
Level 1
Level 1
In response to Colby LeMaire

‎10-14-2020 08:26 AM

Yes you are right. the Disk is full . i saw this message when i tried to access throught CLI "unable to launch ade-os shell. disk full" Open a case is neede to solve this problem. Thanks all for ur support!

0 Helpful
Customers Also Viewed These Support Documents