ISE Integrate AD fail

Jacky88
Community Member

ISE Version 3.3
DNS Server (Windows 2025 Server): 192.168.3.5

Please see the error message

Error Description: Failed to find domain controller, please check network connectivity

Support Details...
Error Name: LW_ERROR_FAILED_FIND_DC
Error Code: 40049

Hello Boss,

Can you help me fix this issue?

Thanks a lot

Detailed Log:

Error Description :
Failed to find domain controller in domain CN.TT.COM : domain does not exists in DNS

Error Resolution :
Please make sure that your DNS contains records for domain : CN.TT.COM, For further information please refer to the AD DNS diagnostic tools

Join steps :
18:30:45 Joining to domain CN.TT.COM using user ISE_Join
18:30:45 Searching for DC in domain CN.TT.COM
18:30:45 Failed to find domain controller in domain CN.TT.COM : domain does not exists in DNS

 

[Five screenshots attached]

 

 

 


balaji.bandi
Hall of Fame

What details do you get from the error screenshot? Join operation status (click here for further details).

ISE 3.3 with what patch?

Check port connectivity: verify that ports 53 (DNS), 88 (Kerberos), 389 (LDAP), and 445 (SMB) are not blocked by a firewall between ISE and the DC.

Hope the account you're using has the necessary permissions to join the domain.

Check the FN, is that affecting you:

https://www.cisco.com/c/en/us/support/docs/field-notices/743/fn74321.html

Check some other steps to test:

https://learningnetwork.cisco.com/s/question/0D53i00000KstwtCAB/ise-integration-with-ad

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jacky88
Community Member

Hi Boss @balaji.bandi,
Please kindly find info from the firewall and ISE.
Could you please kindly take a look? Thanks a lot.

 

The firewall has been set to allow all inbound traffic.

[Screenshot attached]

 

Test command error

[Screenshot attached]

 

I was asking about a firewall, not the one on the Windows Server: any other firewall that is blocking ISE from reaching AD.

Your nslookup fails; check whether the ISE has the correct DNS and NTP entries.

show running-config | include name-server

ping <DNS-server-IP>

nslookup google.com

 

 

BB


Hi,

Based on the provided information, it looks to be a misconfiguration on the DNS server side; please check this post and find the solution (did you add the DNS service before enabling AD DS services on the server, or are AD DS services enabled at all?): https://learningnetwork.cisco.com/s/question/0D53i00000KstwtCAB/ise-integration-with-ad

Thanks,

Cristian.
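
The DC lookup that the join log reports as failing can be reproduced from any host by querying the DNS server directly, shown here as an added example that is not part of the original thread. It assumes the join depends on the standard AD DC-locator SRV record `_ldap._tcp.dc._msdcs.<domain>`; the function names are hypothetical.

```python
# Assumption: the ISE join needs the standard AD DC-locator SRV record to resolve.
import socket
import struct

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split(".")) + b"\x00"

def build_srv_query(domain, qid=0x4953):
    """Build a DNS query for _ldap._tcp.dc._msdcs.<domain>."""
    header = struct.pack(">6H", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name("_ldap._tcp.dc._msdcs." + domain) + struct.pack(">2H", 33, 1)  # SRV, IN

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            after = after or off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode())
            off += 1 + msg[off]
    return ".".join(labels), after or off + 1

def parse_srv_response(msg):
    """Return (rcode, [(dc_host, port), ...]) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">6H", msg[:12])
    off, dcs = 12, []
    for _ in range(qd):  # skip the echoed question (name + type + class)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 33:  # SRV rdata: priority, weight, port, target
            port = struct.unpack(">H", msg[off + 14:off + 16])[0]
            dcs.append((read_name(msg, off + 16)[0], port))
        off += 10 + rdlen
    return flags & 0xF, dcs

def check_dc_records(dns_server, domain, timeout=3.0):
    """Ask dns_server directly; rcode 3 (NXDOMAIN) means it has no such record."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(domain), (dns_server, 53))
        return parse_srv_response(s.recv(4096))
```

With the values from this thread, `check_dc_records("192.168.3.5", "CN.TT.COM")` returning rcode 3 and an empty list means the DNS server itself does not publish the AD records; rcode 0 with a list of DC host names and ports means the zone is in place and the problem lies elsewhere.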

 

IMO, support for Windows Server 2025 started officially with ISE 3.5 (with some extra patches):

https://www.cisco.com/c/en/us/td/docs/security/ise/3-5/compatibility_doc/b_ise_sdt_35.html#externalidstores

But it should also work with older ISE versions after applying the hotfixes outlined in CSCwn62873.
