- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2018 01:11 AM
Hello,
We have two ISE nodes primary/secondary that are connected to our AD and everything works fine, except the patches. When I installed patch 1 to 3, Network Resources were on read mode for me with my AD login, but it worked fine with local admin user. Now this is fixed in patch 4 BUT and there is a big BUT, I can't login with my AD account, I get the following.
Authentication Domain Server is not available
Anyone has any clue? It might be a bug, but I didn't find anything.
Best,
W
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-29-2018 06:15 AM
You would be hitting below bug: CSCvm93698
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2018 05:09 AM
Just a FYI, I had the same issue with patch 4. AD authentication stopped working. AD connector was running and the diagnostic tool passed all tests. Authentication logs showed "Failure Reason - Subject not found in the applicable identity stores(s)". I left and rejoined the domain, but still failed AD authentication. I didn't have time to troubleshoot further, so ended up rolling back the patch. AD worked fine again after the rollback.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2018 06:16 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2018 10:20 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2018 08:50 AM
It's important to open a TAC case so TAC may help gathering the debug logs and possible recreate.
Your deployment seems to have two issues.
- Prior to Patch 4, it has a data access issue.
- Is your AD user using a custom admin group or one of the default ones or matching more than one admin groups? If you are using either a custom admin group or matching more than one admin groups, try using the default "Super Admin".
- With Patch 4, an AD user unable to login to ISE admin web UI.
- For this issue, we definitely need debug logs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-25-2018 02:02 AM
I will try to open the case as soon as I can (for now we have rolled back to patch 3), I understand that this should be addressed and solved.
We used a custom admin group and it worked like I mentioned perfectly fine. The permissions for the custom group is the same as the default "Super Admin" and this issue is only in patch 4, in patch 1 to 3 it works fine.
Needless to say, the more I work with the product the more in love I fall :D
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-29-2018 06:08 AM
I've now opened a TAC case and will be updating this thread once I have more info.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-29-2018 06:15 AM
You would be hitting below bug: CSCvm93698
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-29-2018 06:28 AM
Yeah, it seems like it, but I will wait for TAC to confirm it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-29-2018 08:15 AM
A small clarification -- The regression bug CSCvm93698 is due to the fix for CSCvk13569 included in both ISE 2.4 Patch 4 and 2.2 Patch 11.
