Getting Error events on ISE diagnostics "AD connector Operations" tab

Saravana17 · ‎10-15-2025

Hi All,

I noticed many error events are occurring on "Operations -> Reports -> Diagnostics -> AD connector Operations" tab. These errors are getting cleared automatically within 1 or 2 seconds. It happens randomly on all nodes but not at the same time which is strange. There were no logs on AD side where AD works fine. I couldn't find any detailed logs from ISE.

Some of the error events,

LDAP connect to domain controller failed
Trusted domains discovery failed
RPC secure channel establishment failed
Communication to domain failed
Joined domain is unavailable

Has anyone noticed this issue recently? I am running ISE 3.3 Patch 7.

Regards,
Saravana

Arne Bier · ‎10-16-2025

I can only guess that perhaps DNS resolution is intermittent, and if you don't have DNS caching enabled on the CLI of those nodes, then DNS resolution failure will have cascading effect. ISE is very sensitive to any kind of loss of heartbeat messages - like a canary in the coal mine. I would try enabling DNS caching (e.g. TTL 3600 seconds) and see if the situation improves.

I would also run a tcpdump (capture all files) for a period of time to see if you can observe what happens when one of these events is logged.

Saravana17 · ‎10-17-2025

Hi @Arne Bier ,
Thanks for your response.
I verified that DNS caching is already enabled and configured with default 180 seconds. However, we have another 2 ISE setups which are connected with same domain controllers but there are no issues occurring. So, I don't think caching will be a problem. Unfortunately, this issue is not occurring since last 4days. So, it's hard to run tcpdump to do captures

Thanks,
Saravana