Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
2
Replies

Error Name: LW_ERROR_LDAP_NAMING_VIOLATION When Joining ISE to AD

Go to solution
fdharmawan
Level 4
Level 4

‎08-04-2023 04:13 AM - last edited on ‎08-04-2023 05:59 AM by Community Manager

Hi Guys,

I wanted to join the ISE to a new domain, since my company is currently migrating the AD domain. But upon joining the ISE nodes to the AD, I stumbled upon the following error:

Error Name: LW_ERROR_LDAP_NAMING_VIOLATION
Error Code: 40336

Detailed Log:
17:53:46 Joining to domain NEWDOMAIN.COM using user ServiceAccount
17:53:46   Searching for DC in domain NEWDOMAIN.COM
17:53:46   Found DC: ServerName.NEWDOMAIN.com , client site is XX , dc site is YY
17:53:46   Checking credentials for user ServiceAccount
17:53:46     Getting TGT for account ServiceAccount@NEWDOMAIN.COM
17:53:46     TGT for account ServiceAccount@NEWDOMAIN.COM was retrieved successfully
17:53:46   Credentials for user ServiceAccount were verified
17:53:46   Searching for DC in domain NEWDOMAIN.COM
17:53:46   Found DC: ServerName.NEWDOMAIN.com , client site is XX , dc site is YY
17:53:46   Generating account name for ISE machine in NEWDOMAIN.COM
17:53:46     Searching for an existing machine account
17:53:46       Searching object by filter : (&(objectCategory=computer)(servicePrincipalName=host/ISENODE02.NEWDOMAIN.com)) 
17:53:46     Account: ISENODE02 was not found
17:53:46     Searching for an existing machine account
17:53:46       Searching object by filter : (&(objectClass=computer)(sAMAccountName=xxx)) 
17:53:46     Account: xxx was found
17:53:46   ISE Machine account name is : xxx
17:53:46   Creating machine account xxx in OU : CN=xxx,OU=V,OU=W,OU=X,OU=Y,DC=Z,DC=com

I tried to Googled it but did not find any similar error. What I did was to create the object first on the Domain Controller first and specify the DN of the ISE nodes.

Any idea why I got this error? Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎08-04-2023 06:16 AM

 

 - Some of these requirements might be applicable : https://community.cisco.com/t5/network-access-control/ise-integration-with-ad-fails/m-p/2876825#M39194

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

0 Helpful
2 Replies 2

Go to solution
marce1000
VIP
VIP

‎08-04-2023 06:16 AM

 

 - Some of these requirements might be applicable : https://community.cisco.com/t5/network-access-control/ise-integration-with-ad-fails/m-p/2876825#M39194

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
fdharmawan
Level 4
Level 4
In response to marce1000

‎08-06-2023 09:34 PM

Hi Marce,

Thank you, I will take a look into it.

0 Helpful
Customers Also Viewed These Support Documents