
ISE node AD join point not showing domain controller

Madura Malwatte
Enthusiast

Is there any reason why an ISE node in my cluster would suddenly have the AD join point domain controller no longer listed? You can see in the image that ise4 has a blank entry in the Domain Controller column; however, the status is operational.

Diagnostic tool test comes back with the following failed tests:

  • Kerberos test obtaining join point TGT on instance
  • Kerberos check SASL connectivity to AD on instance

The reason being "The password is incorrect for the given account".

In the test LDAP test DCs response time - I can see the correct domain controller was the first to respond. So ISE should use this domain controller, but the entry is blank in the table.

The only thing I can think of is that the account the ISE node used for the domain join has had its password changed. Is my thinking correct, and would doing a new domain join for this node resolve the issue?

image001.png

1 ACCEPTED SOLUTION


Mohammed al Baqari
VIP Advisor
You are correct. Also, I recently had a similar case with a bug in ISE 2.3.
Here is the bug: CSCvg15960


3 REPLIES


Thanks for confirming and also sharing the bug. I did a rejoin and it picked up the Domain controller.

May I know what solution solved this?

We already tried several things suggested by this forum and other sites.
