ISE 2.6 connect AD

Jantao · ‎09-05-2019

Hi.

I'm testing ISE 2.6 with patch 2 and trying to join the Active Directory as External Identity.

And i have following error:

Error Description: Failed to find domain controller, please check network connectivity

Support Details...
Error Name: LW_ERROR_FAILED_FIND_DC
Error Code: 40049

Detailed Log:

Error Description : 
Failed to find domain controller in domain EXAMPLE.COM : domain does not exists in DNS 

Error Resolution : 
Please make sure that your DNS contains records for domain : EXAMPLE.COM, For further information please refer to the AD DNS diagnostic tools 

Join steps : 
19:38:43 Joining to domain DOMAIN.EXAMPLE.COM using user user@example.com
19:38:43 Searching for DC in domain DOMAIN.EXAMPLE.COM
19:38:43 Found DC: DC01.DOMAIN.EXAMPLE.COM , client site is Default-First-Site-Name , dc site is Default-First-Site-Name 
19:38:43 Checking credentials for user USER@EXAMPLE.COM
19:38:43 Getting TGT for account USER@EXAMPLE.COM
19:38:43 Searching for DC in domain EXAMPLE.COM
19:38:44 Failed to find domain controller in domain EXAMPLE.COM : domain does not exists in DNS

I have no root domain, only DC01.EXAMPLE.COM, DC02.EXAMPLE.COM. Is there necessary for the root domain to join lower level domain or i can somehow bypass this check?

Jantao · ‎09-05-2019

Resolved by using correct user instead of 'user@example.com'.

Mohammed al Baqari · ‎10-02-2019

Yes, in your DNS server you need to have a zone for example.com which
should be the forest in your DC.