Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1530
Views
0
Helpful
1
Replies

ISE 2.2.0.470 Integrating With AD Winserver-2012R2 fails !!

Adnan Abushagur
Level 1
Level 1

‎04-22-2020 10:05 AM

ISE Version : 2.2.0.470 - Win-server 2012 R2 64bit 

Domain : lab.local

and the connectivity is perfect and both is reachable !!  

Hello all 
im facing trouble with ise 2.2 integrating with server to join in domain  this issue is drive me insane i had trying all solutions but it didn't work , last thing im thinking to install patch 16 , and i hope it will work with patch installing 

please any one , if he know the solution or this same problem had facing him please help ! 
The picture of the diagnostic is attached  

Adnan Abushagur | Network Security Engineer
Modern Systems & Technology Co
Aldol-St | Tripoli-Libya
1 person had this problem
Preview file
77 KB
Preview file
57 KB
Preview file
49 KB
Preview file
11 KB
0 Helpful
1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

‎04-22-2020 03:33 PM

From the attached screenshots, it looks like you have an issue with DNS and possibly time syncronisation (clock skew).

ISE cannot resolve the "_ldap._tcp.dc._msdcs.<domain>" record for you domain, which is necessary when it tries to join that domain.

You need to verify that your DNS server is running and that it has all the necessary forward/reverse lookup zones and records (NS, SOA, CNAM) for your domain.

Since there is an error referencing "clock_skew" you should also confirm your ISE node have the correct NTP server configured and the time is syncronised to the same time source as your Windows server.

0 Helpful
Customers Also Viewed These Support Documents