Dears,

The issue was in the Domain name when we configure the External identity, once it has been fixed the integration worked fine.

Regards,
Muhannad

Nice to hear that.

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue 

Hi

i have the same problem can you help me please

Status: Join Operation Failed: Failed to find domain controller, please check network connectivity

Hi,

First of all, could you check your ntp configuration. AD and ISE must have the same clock to be able to be joined to your AD infrastructure.

On ISE cli, could you run this nslookup command and paste the output on a txt file:

nslookup _ldap._tcp.dc._msdcs.DOMAIN.SUFFIXE querytype srv 

--> Example: nslookup _ldap._tcp.dc._msdcs.MYCOMPANY.COM querytype srv 

Please check out on that link (http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_20.html#reference_8DC463597A644A5C9CF5D582B77BB24F). All AD and DNS requirements must be setup.

If it's not working, please activate some debugs and attach the log file to this post:

1. Activate traces for Active directory component:

2. Try to join your ISE to your AD.

3. Take the logs of the debug traces:

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue 

Hi thanks for the answer

but i did not find how to "Activate traces for Active directory component:" !!

sorry

how can i do that please ?

thanks

Hi

Did you go into this menu:  Administration > System > Logging > Debug Log Configuration

Thanks

Hi

the domain name was not correct

well now i wanna know how to assign unknown mac address to a vlan ?

thx

This has been solved. I was prepending the hostname to the AD. It should only be the AD at the joinpoint.

I hope you have forward and reverse entries of ISE node in DNS server.

Can you do nslookup to IP and ISE hostname and share the output here.

Solved!

Good to know that.. Thank u for update.

Hi

I have the same problem :

"Error Description: Failed to find domain controller, please check network connectivity
 
Support Details...
Error Name: LW_ERROR_FAILED_FIND_DC
Error Code: 40049

Detailed Log:

Error Description :
Failed to find domain controller in domain PFE.LOCAL : domain does not exists in DNS

Error Resolution :
Please make sure that your DNS contains records for domain : PFE.LOCAL, For further information please refer to the AD DNS diagnostic tools

Join steps :
14:26:46 Joining to domain PFE.LOCAL using user bougamra
14:26:46   Searching for DC in domain PFE.LOCAL
14:26:46   Failed to find domain controller in domain PFE.LOCAL : domain does not exists in DNS "

Can you help me please ?

Hi Francesco,

Thanks you've already been helpful.

I am facing the same problem, the AD and ISE have the same Clock along with a NTP server.

Please find below :

- the operation detail

- the result of the command

- The ad_agent.log file

PS: I changed the real domain by MY.DOMAIN :p

### the operation detail ###

Error Description :
Failed To Find Domain Controller In Domain MY.DOMAIN : Domain Does Not Exists In DNS

Error Resolution :
Please Make Sure That Your DNS Contains Records For Domain : MY.DOMAIN, For Further Information Please Refer To The AD DNS Diagnostic Tools

Join Steps :
12:55:20 Joining To Domain MY.DOMAIN Using User Administrator
12:55:20 Searching For DC In Domain MY.DOMAIN
12:55:20 Failed To Find Domain Controller In Domain MY.DOMAIN : Domain Does Not Exists In DNS

    ### Result of nslookup _ldap._tcp.dc._msdcs.MY.DOMAIN querytype srv ###

Trying "_ldap._tcp.dc._msdcs.MY.DOMAIN"
Received 102 bytes from 172.20.127.1#53 in 0 ms
Trying "_ldap._tcp.dc._msdcs.MY.DOMAIN.MY.DOMAIN"
Host _ldap._tcp.dc._msdcs.MY.DOMAIN not found: 3(NXDOMAIN)
Received 109 bytes from 172.20.127.1#53 in 0 ms

Thank you very much!