cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13397
Views
15
Helpful
3
Replies

ISE 2.1 Changing FQDN

moody
Level 1
Level 1

Is there a way to change the fqdn w/o needing to re-configure ISE from scratch?

I have a 2-node deployment.  The domain is changing - so I have a new wildcard cert for the new domain, but the server's current fqdn won't work w/ the new cert.

2 Accepted Solutions

Accepted Solutions

Gagandeep Singh
Cisco Employee
Cisco Employee

Hi Moody,

Domain name can be changes using below command.

ISE3395/admin(config)# ip domain-name ?
<WORD> DNS search domain name (Max Size - 64)

If you update the domain name for the Cisco ISE server with this command, it displays the following warning message:

Warning: Updating the domain name will cause any certificate using the old
domain name to become invalid. Therefore, a new self-signed certificate using the new domain 
name will be generated now for use with HTTPs/EAP.  If CA-signed certificates were used on this
node, please import them with the correct domain name. In addition, if this ISE node will be 
joining a new Active Directory domain, please leave your current Active Directory domain before 
proceeding.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/cli_ref_guide/b_ise_CLIReferenceGuide_21/b_ise_CLIReferenceGuide_21_chapter_011.html#ID-1364-0000064d

Prior to this change:

1. Disjoin the ISE nodes from the domain

2. Ensure that their computer name is removed from AD

3.  Update DNS records

4. Ensure that DNS records have replicated

5. Change names on ISE

6. Join nodes to the  new domain.

Hope this helps!!!!

Regards

Gagan

View solution in original post

Thanks Gagan -

You were right w/ your steps to make the change.  I guess the real hurdle for us was getting the certificate changed. 

Thanks again - huge help!

View solution in original post

3 Replies 3

Gagandeep Singh
Cisco Employee
Cisco Employee

Hi Moody,

Domain name can be changes using below command.

ISE3395/admin(config)# ip domain-name ?
<WORD> DNS search domain name (Max Size - 64)

If you update the domain name for the Cisco ISE server with this command, it displays the following warning message:

Warning: Updating the domain name will cause any certificate using the old
domain name to become invalid. Therefore, a new self-signed certificate using the new domain 
name will be generated now for use with HTTPs/EAP.  If CA-signed certificates were used on this
node, please import them with the correct domain name. In addition, if this ISE node will be 
joining a new Active Directory domain, please leave your current Active Directory domain before 
proceeding.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/cli_ref_guide/b_ise_CLIReferenceGuide_21/b_ise_CLIReferenceGuide_21_chapter_011.html#ID-1364-0000064d

Prior to this change:

1. Disjoin the ISE nodes from the domain

2. Ensure that their computer name is removed from AD

3.  Update DNS records

4. Ensure that DNS records have replicated

5. Change names on ISE

6. Join nodes to the  new domain.

Hope this helps!!!!

Regards

Gagan

Hi Moody,

Any queries!!!

Regards

Gagan

PS: please rate if it helps

Thanks Gagan -

You were right w/ your steps to make the change.  I guess the real hurdle for us was getting the certificate changed. 

Thanks again - huge help!