1027 Views, 0 Helpful, 5 Replies

ISE with LDAP (Active Directory) authentication

aquku (Level 1)

Hello,

I have a problem with Cisco ISE in an Active Directory domain, specifically with adding it to the domain. I don't have much experience with ISE and RADIUS.

Join to Active Directory:

When I try to add ISE to a domain I get the message:

Error Description: The DC closed an LDAP connection in the middle of a query

Support Details...
Error Name: LW_ERROR_LDAP_SERVER_DOWN
Error Code: 40286

- DNS is configured correctly: nslookup sees the server, ping works for the domain, and an NTP server is configured.
- I'm using the domain administrator account for credentials.

I did not configure anything on the domain controller

Are you able to help with joining Active Directory?

5 Replies

marce1000 (VIP)

 - This seems somewhat similar: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm87060 , what is your ISE version?

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
   When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Version: 2.6.0.156

 - Following this info you may want to debug the issue: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/212594-debugs-to-troubleshoot-on-ise.html#anc24 and https://www.youtube.com/watch?v=z0OzlulOnsw
   Possibly use Microsoft eventvwr and watch for related LDAP events, or else raise a TAC case.

 M




LDAP or LDAPS?  Make sure the DC isn't expecting a secure connection and rejecting because it's not.  

If this post answers your question or is helpful, please consider rating it and/or marking it as answered.
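To check the point raised in this reply from a Linux or macOS admin host, the following added script (not from this thread, and not Cisco's or Microsoft's code) sends a hand-encoded LDAPv3 anonymous bind to the domain controller on port 389 and reports whether the DC answers, returns strongerAuthRequired (resultCode 8, which is what a DC that requires signing sends to an unsigned simple bind), or drops the session without a response, which is the symptom in the original error. It also attempts a TLS handshake on 636 and lists the DNS SRV records an AD join depends on, matching the DNS check in the first post. The hostname and domain on the command line are placeholders; an anonymous bind only exercises the transport, so a success there does not prove that the credentialed bind ISE performs would succeed. Without arguments the script runs an offline demo on constructed BindResponse bytes.

```python
"""Probe a domain controller for plain LDAP vs LDAPS behaviour (added example)."""
import socket
import ssl
import sys
from typing import Optional

LDAP_PORT = 389
LDAPS_PORT = 636


def expected_srv_records(ad_domain: str) -> list:
    """SRV names a joining host must resolve for the AD domain (lower-cased, no trailing dot)."""
    d = ad_domain.strip(".").lower()
    return [f"_ldap._tcp.{d}", f"_ldap._tcp.dc._msdcs.{d}",
            f"_kerberos._tcp.{d}", f"_kpasswd._tcp.{d}"]


def _ber_len_bytes(n: int) -> bytes:
    """Encode a BER length (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber_len(data: bytes, i: int):
    """Decode a BER length at data[i]; return (length, index of first content byte)."""
    first = data[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    return int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n


def build_anonymous_bind(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name "", simple "" } }."""
    bind = bytes([0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00])
    body = bytes([0x02, 0x01, message_id & 0x7F]) + bind
    return bytes([0x30]) + _ber_len_bytes(len(body)) + body


def build_bind_response(message_id: int, result_code: int, diagnostic: bytes = b"") -> bytes:
    """Constructed BindResponse [APPLICATION 1] for the offline demo and tests only."""
    op = (bytes([0x0A, 0x01, result_code]) + bytes([0x04, 0x00])        # resultCode, matchedDN ""
          + bytes([0x04]) + _ber_len_bytes(len(diagnostic)) + diagnostic)  # diagnosticMessage
    body = bytes([0x02, 0x01, message_id & 0x7F, 0x61]) + _ber_len_bytes(len(op)) + op
    return bytes([0x30]) + _ber_len_bytes(len(body)) + body


def parse_bind_result(data: bytes) -> Optional[int]:
    """Return the resultCode of a BindResponse, or None if the bytes are not one."""
    try:
        if data[0] != 0x30:
            return None
        _, i = _ber_len(data, 1)
        if data[i] != 0x02:                      # messageID INTEGER
            return None
        n, i = _ber_len(data, i + 1)
        i += n
        if data[i] != 0x61:                      # BindResponse tag
            return None
        _, i = _ber_len(data, i + 1)
        if data[i] != 0x0A:                      # ENUMERATED resultCode
            return None
        n, i = _ber_len(data, i + 1)
        return int.from_bytes(data[i:i + n], "big")
    except IndexError:
        return None


def probe_plain_ldap(host: str, timeout: float = 5.0) -> str:
    """Send an anonymous bind on 389 and describe how the DC reacts."""
    try:
        with socket.create_connection((host, LDAP_PORT), timeout=timeout) as s:
            s.sendall(build_anonymous_bind())
            data = s.recv(4096)
    except OSError as e:
        return f"connect-failed: {e}"
    if not data:
        return "closed-without-response"
    code = parse_bind_result(data)
    return f"resultCode={code}" if code is not None else "unparsed-response"


def probe_ldaps(host: str, timeout: float = 5.0) -> str:
    """Attempt a TLS handshake on 636. Verification is disabled here only to learn
    whether TLS is offered at all; a production client must validate the DC certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, LDAPS_PORT), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"tls-ok ({tls.version()})"
    except (OSError, ssl.SSLError) as e:
        return f"tls-failed: {e}"


def interpret(plain: str, ldaps: str) -> str:
    """Turn the two probe outcomes into a one-line reading."""
    tls = ("LDAPS on 636 completes a TLS handshake" if ldaps.startswith("tls-ok")
           else "LDAPS on 636 is not offered or not reachable")
    if plain == "closed-without-response":
        return "DC dropped the plain-LDAP session (the symptom in the error above); " + tls
    if plain.startswith("resultCode=8"):
        return "DC answered strongerAuthRequired on plain LDAP, i.e. it wants signing or TLS; " + tls
    if plain.startswith("resultCode=0"):
        return "DC accepted an anonymous bind on plain LDAP (transport OK; credentialed bind untested); " + tls
    return f"plain LDAP: {plain}; " + tls


if __name__ == "__main__":
    if len(sys.argv) == 3:                       # usage: probe.py dc01.example.local example.local
        host, domain = sys.argv[1], sys.argv[2]
        print("SRV records to resolve:", *expected_srv_records(domain), sep="\n  ")
        print(interpret(probe_plain_ldap(host), probe_ldaps(host)))
    else:                                        # offline demo on constructed responses
        for code in (0, 8):
            print(code, parse_bind_result(build_bind_response(1, code, b"constructed diag " * 10)))
        print(interpret("closed-without-response", "tls-ok (TLSv1.2)"))
```

Run it against the DC's FQDN and the AD domain name; a `closed-without-response` on 389 alongside `tls-ok` on 636 is the combination this reply is asking about, and `resultCode=8` says the same thing explicitly.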

aquku (Level 1)

I think that may be the problem. I did not create an encrypted connection between the ISE and the DC.
Is there documentation somewhere showing how to connect the ISE using LDAPS? In the settings I don't see an option to encrypt or add a certificate when adding it, or do I need to configure an external LDAPS connection and then try to add it to the domain?

The Domain Controller is Windows Server 2019.

I'm now wondering whether the problem could be "ip domain-name". The person configuring ISE set ip domain-name to "cisco.com" and the host name to "ise", so when trying to add it to the domain it appears as ise.cisco.com. Maybe this is the problem? What should I do in this case?