cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

550
Views
0
Helpful
3
Replies
Elena.Madrigal
Beginner

Cisco ISE unable to join Active Directory

Hello guys

I have tried to integrate Cisco ISE 2.2.0.470, with an working Active directory, but  show the following error message.

Captura.JPG

 

I have checked several times the configuration but the problem persists. I have run the Test and none had failed.

Captura2.JPG

Any ideas please?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Colby LeMaire
VIP Collaborator

That error is a Kerberos error stating that the system could not write to the Kerberos credential cache which would be a file on the ISE node.  This could be a permissions issue, file not there, or not enough disk space.  On the ISE CLI, issue the show disks command and see if any of your partitions are full.  If not, then the only other thing it could be is some corruption with your installation.

If this is a new installation, check the MD5 hash of the installation source that you used to install the software.  If this is a VM node, make sure that VMware is not configured to do snapshots or vMotion of the ISE VM.  Those operations can cause corruption.  Your only options are to rebuild the node or work with TAC so they can verify if the Kerberos credential cache file is there.  My recommendation would be to rebuild since there could be other corrupted artifacts in the system.

View solution in original post

3 REPLIES 3
Mohammed al Baqari
VIP Advisor

You have a problem with NTP sync. You need to make sure the ISE and AD are
synced to same server (or the time split isn't high). Otherwise, it will
not work.

**** please remember to rate useful posts
Colby LeMaire
VIP Collaborator

That error is a Kerberos error stating that the system could not write to the Kerberos credential cache which would be a file on the ISE node.  This could be a permissions issue, file not there, or not enough disk space.  On the ISE CLI, issue the show disks command and see if any of your partitions are full.  If not, then the only other thing it could be is some corruption with your installation.

If this is a new installation, check the MD5 hash of the installation source that you used to install the software.  If this is a VM node, make sure that VMware is not configured to do snapshots or vMotion of the ISE VM.  Those operations can cause corruption.  Your only options are to rebuild the node or work with TAC so they can verify if the Kerberos credential cache file is there.  My recommendation would be to rebuild since there could be other corrupted artifacts in the system.

View solution in original post

Yes you are right. the Disk is full . i saw this message when i tried to access throught CLI "unable to launch ade-os shell. disk full" Open a case is neede to solve this problem. Thanks all for ur support!

Content for Community-Ad