08-27-2024 09:10 AM
I have a client who has 2 Cisco ISE 3.2 servers. When we try to join the first server to AD, it will fail out halfway through. There is connectivity between the ISE server and AD, as the network object will be created. However, the process dies out.
Any suggestions on what may be causing this?
08-27-2024 09:16 AM
@kyle311 are ISE and Active Directory time in sync? The maximum time difference between AD and ISE is 5 minutes. https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215233-identity-service-engine-ise-and-active.html
Does ISE provide an error?
Can ISE resolve the AD DNS names?
08-27-2024 12:51 PM
Also, yes, ISE can resolve DNS names. Devices can resolve the servers by FQDN also.
08-27-2024 12:35 PM
Thanks for the response, Rob! The DCs and ISE servers are all in sync timewise. It will go through the point of creating an object in AD. It will then give an error: "Cannot Join with DC (name of device), searching for another DC"
The creds are valid and the user appears to have access if it is creating the object.
Any idea what is causing this? I cannot create the Dot1x policies without this.
08-28-2024 02:10 AM
Hi Kyle311,
I once ran into this issue as well. Is there a firewall between the ISE servers and AD? If so, make sure that all mentioned ports are allowed in the firewall. Besides that, you mentioned that there are DNS entries created; did you also create the pointer records?
Best of luck.
08-28-2024 06:38 AM
Hey Abdullah!
Thank you for your response. Unfortunately, there doesn't appear to be a firewall between the ISE servers and the AD servers. The DNS and pointers are in place. I can ping the DC's FQDN from the server's command line. I can ping the ISE server from the DC by FQDN. It makes absolutely no sense to me.
08-28-2024 07:08 AM
Can you share some screenshots and maybe the errors?
08-28-2024 07:23 AM
Use CLI debug and share the result here.
Thanks
MHM