Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1817
Views
0
Helpful
5
Replies

ISE 3.1 multi AD Domain Integration

Go to solution
k7851610
Level 1
Level 1

‎05-10-2022 03:21 AM

  There are two windows AD domains.

loclab.com
demo.local

 

I'm already joined loclab.com,but can't join demo.local.

 

Error message displayed on ISE:

Error Description: Failed To Find Domain Controller, Please Check Network Connectivity

Support Details...
Error Name: LW_ERROR_FAILED_FIND_DC
Error Code: 40049

Detailed Log:

Error Description :
Failed To Find Domain Controller In Domain DEMO.LOCAL : Domain Does Not Exists In DNS

Error Resolution :
Please Make Sure That Your DNS Contains Records For Domain : DEMO.LOCAL, For Further Information Please Refer To The AD DNS Diagnostic Tools

Join Steps :
18:22:33 Joining To Domain DEMO.LOCAL Using User Administrator
18:22:33 Searching For DC In Domain DEMO.LOCAL
18:22:33 Failed To Find Domain Controller In Domain DEMO.LOCAL : Domain Does Not Exists In DNS

 

 

 

This is the error message from the debug tool:

ise ad error.jpg

 

I refer to this document, but I don't know how to set it on DNS?

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/ise_active_directory_integration/b_ISE_AD_integration_2x.html

 

 

Could not understand the following information:

isead-dns.PNG

 

please help

thx

 
 
 
 
 
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to k7851610

‎05-10-2022 08:32 AM

Which DNS are you using? 

You need to add  "A" host and IP address to resolve internal querries. This overcome what they call  recursive problem. You can create a zone as well.

If you manage the DNS is pretty straithforward but will require some "how to do" things. 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Flavio Miranda
VIP
VIP

‎05-10-2022 04:50 AM

Basically it is saying that you need to have an Internet DNS service. If you have an Internal DNS server, then you can attend all this requirements easilly.

 

"

I refer to this document, but I don't know how to set it on DNS?"

But do you manage your DNS? it is a lab or real network? Which DNS are you using?

0 Helpful

Go to solution
k7851610
Level 1
Level 1
In response to Flavio Miranda

‎05-10-2022 07:55 AM

yes .I manage DNS server.

it is a lab.

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to k7851610

‎05-10-2022 08:32 AM

Which DNS are you using? 

You need to add  "A" host and IP address to resolve internal querries. This overcome what they call  recursive problem. You can create a zone as well.

If you manage the DNS is pretty straithforward but will require some "how to do" things. 

0 Helpful

Go to solution
k7851610
Level 1
Level 1
In response to Flavio Miranda

‎05-10-2022 06:39 PM

windows server-DNS server

 
 
 
 
 
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-10-2022 06:33 AM

 

From ISE console or CLI, check are yo able to ping that domain, and make sure ISE and AD NTP time is sync.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents