02-26-2017 04:51 AM - edited 03-11-2019 12:30 AM
Hello All,
I have 2 ISE 2.0 nodes in my network and joined to the AD. and I am using the AD server as a NTP server for the ISE nodes.
Two days ago one of the 2 ISE nodes had been dis joined form the AD due to Kerberos failure.
The attached warning appear in my ISE-AD join tests.
Note, The time on both AD and ISE are exactly the same.
Any one have recommendations for what should be done to solve this issue?
Thanks in advance
Mostafa
Solved! Go to Solution.
02-26-2017 11:32 AM
Hi
See the link below for troubleshooting ISE ntp sync issues with MS servers.
hth
Andy
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/119371-technote-ise-00.html#anc4
02-26-2017 11:32 AM
Hi
See the link below for troubleshooting ISE ntp sync issues with MS servers.
hth
Andy
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/119371-technote-ise-00.html#anc4
02-27-2017 11:01 PM
Hi
Thanks for your reply, But i need to know how can i access the root mode?
02-28-2017 12:16 AM
It appears only TAC can access root mode on ISE - see link below for a user with a similar issue to you.
hth
Andy
https://supportforums.cisco.com/discussion/12724991/cisco-ise-root-mode
03-15-2017 05:32 AM
Hi All,
I just want to add a point to andrewswanson answer.
After applying the above solution, the problem was fixed abut when i performed ISE-AD health check the NTP test didn't succeed however it's working fine from the CLI.
Then we found that we are hitting the bug in the below link. So, We applied patch 4 to fix it.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux82480
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide