12-12-2018 09:15 AM - edited 03-11-2019 01:53 AM
Hi Cisco ISE guru,
I am deploying a medium ISE solution; however, I have run into an AD issue. Here are the details.
ISE joined AD domain abcd.com under forest abcd.com, and there is a trusted domain ef.abcd.net under forest abcd.net.
When a computer host/PC1234.ef.abcd.net is trying to authenticate, ISE tried to search ALL_AD_Join_Points and returned the error messages:
24321 | LDAP search in forest failed - abcd.net,ERROR_NO_SUCH_DOMAIN
24352 | Identity resolution failed - ERROR_NO_SUCH_USER_SOME_DOMAINS_NOT_AVAILABLE
However, when I check the joined AD I can retrieve groups from domain ef.abcd.net. Can you please advise what could have caused this issue?
The trusted domain seemed to be working before. The ISE was restored from a backup, and then patch 4 was installed.
The AD was re-joined after the restore, and the joined domain abcd.com has no issue.
Thanks.
12-12-2018 09:25 AM
There is an AD bug in 2.4 patch 4 that was resolved in patch 5. It was a regression in patch 4, so p1, p2 and p3 were unaffected.
I suspect you are hitting this and applying patch 5 would fix it. You can work with TAC if you want to confirm whether you are hitting this or not.
03-13-2019 09:17 AM