10-06-2022 01:06 AM
Hi Experts,
Issue:
ISE nodes in deployment are in .com domain while AD integration has been done with .net domain.
Now, one node that was re-imaged is no longer able to join the AD domain again.
The logs are throwing the following errors: 40022, 31 and while joining, error 60113.
Could anyone help me understand why these errors are occurring...
10-06-2022 01:26 AM
Assuming all DNS records are still created for this node, including the reverse DNS record, did you try to remove the computer object of that node from AD and try again?
10-06-2022 01:57 AM
Yes, the AD object has been removed, but the errors still persist.
While I did try to do an nslookup from the .net domain, I was able to resolve the DNS and AD servers fine.
10-06-2022 02:16 AM
Can you please share the screenshot of the error for review? Also, when you run these commands, do you see the resolution happening as expected:
nslookup _ldap._tcp.dc._msdcs.<your-domain-name> querytype SRV
nslookup _ldap._tcp.gc._msdcs.<your-domain-name> querytype SRV
10-07-2022 12:50 AM
@Aref Alsouqi
Was able to capture the following output of the commands:
<Node_with_Issue># nslookup _ldap._tcp.gc._msdcs.<ISE_node_domain> querytype SRV
Trying "_ldap._tcp.gc._msdcs.<ISE_node_domain>"
Received 119 bytes from <DNS_Server>#53 in 1 ms
Trying "_ldap._tcp.gc._msdcs.<ISE_node_domain>.<ISE_node_domain>"
Host _ldap._tcp.gc._msdcs.<ISE_node_domain> not found: 3(NXDOMAIN)
Received 133 bytes from <DNS_Server>#53 in 1 ms
<Node_with_Issue># nslookup _ldap._tcp.dc._msdcs.<ISE_node_domain> querytype SRV
Trying "_ldap._tcp.dc._msdcs.<ISE_node_domain>"
Received 119 bytes from <DNS_Server>#53 in 1 ms
Trying "_ldap._tcp.dc._msdcs.<ISE_node_domain>.<ISE_node_domain>"
Host _ldap._tcp.dc._msdcs.<ISE_node_domain> not found: 3(NXDOMAIN)
Received 133 bytes from <DNS_Server>#53 in 1 ms
<Node_with_Issue># nslookup _ldap._tcp.dc._msdcs.<AD_Domain> querytype SRV
Trying "_ldap._tcp.dc._msdcs.<AD_Domain>"
;; Truncated, retrying in TCP mode.
Trying "_ldap._tcp.dc._msdcs.<AD_Domain>"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20412
;; flags: qr rd ra; QUERY: 1, ANSWER: 49, AUTHORITY: 0, ADDITIONAL: 0
<Node_with_Issue># nslookup _ldap._tcp.gc._msdcs.<AD_Domain> querytype SRV
Trying "_ldap._tcp.gc._msdcs.<AD_Domain>"
;; Truncated, retrying in TCP mode.
Trying "_ldap._tcp.gc._msdcs.<AD_Domain>"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40003
;; flags: qr rd ra; QUERY: 1, ANSWER: 47, AUTHORITY: 0, ADDITIONAL: 0
So there is a response from the domain where the nodes are being joined and failing.
This is the error reported while adding the node back:
10-07-2022 02:22 AM
It looks like the DNS SRV entries are not created for this ISE node that you are trying to join, and this is why it is failing imo, or, this ISE node is not configured with the right DNS servers.
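An added example, not part of the thread or of any Cisco tooling: a Python parser for a CLI transcript in the format posted above, reporting for each queried name whether DC/GC SRV records came back. The host name, domains and DNS server address in the sample are constructed placeholders, and the verdict labels are this example's own.

```python
import re

# Constructed transcript in the format posted in the thread; the host,
# domains and DNS server address are placeholders (assumptions).
SAMPLE = """\
ise01/admin# nslookup _ldap._tcp.dc._msdcs.example.com querytype SRV
Trying "_ldap._tcp.dc._msdcs.example.com"
Received 119 bytes from 192.0.2.53#53 in 1 ms
Host _ldap._tcp.dc._msdcs.example.com not found: 3(NXDOMAIN)
ise01/admin# nslookup _ldap._tcp.gc._msdcs.example.net querytype SRV
Trying "_ldap._tcp.gc._msdcs.example.net"
;; Truncated, retrying in TCP mode.
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40003
;; flags: qr rd ra; QUERY: 1, ANSWER: 47, AUTHORITY: 0, ADDITIONAL: 0
"""

CMD = re.compile(r"^\S*#\s*nslookup\s+(\S+)\s+querytype\s+SRV", re.I)
NOTFOUND = re.compile(r"not found:\s*\d+\((\w+)\)")
STATUS = re.compile(r"status:\s*(\w+)")
ANSWER = re.compile(r"ANSWER:\s*(\d+)")

def parse_srv_checks(text):
    """Return one dict per nslookup command found in the transcript."""
    results, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := CMD.match(line)):
            cur = {"name": m.group(1), "status": None, "answers": 0, "tcp_retry": False}
            results.append(cur)
        elif cur is None:
            continue  # output before the first command is ignored
        elif "retrying in TCP mode" in line:
            cur["tcp_retry"] = True  # large answer sets need TCP/53 to the DNS server
        elif (m := NOTFOUND.search(line) or STATUS.search(line)):
            cur["status"] = m.group(1)
        elif (m := ANSWER.search(line)):
            cur["answers"] = int(m.group(1))
    return results

def verdict(check):
    """Classify one parsed check by whether SRV records were returned."""
    if check["status"] == "NOERROR" and check["answers"] > 0:
        return "srv-records-found"
    if check["status"] == "NXDOMAIN":
        return "no-srv-records"
    return "inconclusive"

if __name__ == "__main__":
    for c in parse_srv_checks(SAMPLE):
        print(f'{c["name"]:42} {verdict(c):18} answers={c["answers"]} tcp={c["tcp_retry"]}')
```

A check flagged with `tcp_retry` only succeeded after falling back to TCP, so the path from the node to its DNS servers has to allow TCP as well as UDP on port 53.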