Nodes and external AD are in different domains

dgaikwad
Level 5

Hi Experts,
Issue:
ISE nodes in the deployment are in a .com domain, while AD integration has been done with a .net domain.
Now, one node that was re-imaged is no longer able to join the AD domain again.
The logs are throwing the following errors: 40022, 31 and, while joining, error 60113.

Could anyone help me understand why these errors occur?

1 Accepted Solution

Accepted Solutions

It looks like the DNS SRV entries are not created for this ISE node that you are trying to join, and this is why it is failing IMO, or this ISE node is not configured with the right DNS servers.

5 Replies

Assuming all DNS records are still created for this node, including the reverse DNS record, did you try to remove the computer object of that node from AD and try again?

Yes, the AD object has been removed, but the errors still persist.
I did try an nslookup from the .net domain and was able to resolve the DNS and AD servers fine.

Can you please share the screenshot of the error for review? Also, when you run these commands, do you see the resolution happening as expected:

nslookup _ldap._tcp.dc._msdcs.<your-domain-name> querytype SRV
nslookup _ldap._tcp.gc._msdcs.<your-domain-name> querytype SRV

@Aref Alsouqi 
Was able to capture the following output of the commands:

<Node_with_Issue># nslookup _ldap._tcp.gc._msdcs.<ISE_node_domain> querytype SRV
Trying "_ldap._tcp.gc._msdcs.<ISE_node_domain>"
Received 119 bytes from <DNS_Server>#53 in 1 ms
Trying "_ldap._tcp.gc._msdcs.<ISE_node_domain>.<ISE_node_domain>"
Host _ldap._tcp.gc._msdcs.<ISE_node_domain> not found: 3(NXDOMAIN)
Received 133 bytes from <DNS_Server>#53 in 1 ms

<Node_with_Issue># nslookup _ldap._tcp.dc._msdcs.<ISE_node_domain> querytype SRV
Trying "_ldap._tcp.dc._msdcs.<ISE_node_domain>"
Received 119 bytes from <DNS_Server>#53 in 1 ms
Trying "_ldap._tcp.dc._msdcs.<ISE_node_domain>.<ISE_node_domain>"
Host _ldap._tcp.dc._msdcs.<ISE_node_domain> not found: 3(NXDOMAIN)
Received 133 bytes from <DNS_Server>#53 in 1 ms

<Node_with_Issue># nslookup _ldap._tcp.dc._msdcs.<AD_Domain> querytype SRV
Trying "_ldap._tcp.dc._msdcs.<AD_Domain>"
;; Truncated, retrying in TCP mode.
Trying "_ldap._tcp.dc._msdcs.<AD_Domain>"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20412
;; flags: qr rd ra; QUERY: 1, ANSWER: 49, AUTHORITY: 0, ADDITIONAL: 0

<Node_with_Issue># nslookup _ldap._tcp.gc._msdcs.<AD_Domain> querytype SRV
Trying "_ldap._tcp.gc._msdcs.<AD_Domain>"
;; Truncated, retrying in TCP mode.
Trying "_ldap._tcp.gc._msdcs.<AD_Domain>"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40003
;; flags: qr rd ra; QUERY: 1, ANSWER: 47, AUTHORITY: 0, ADDITIONAL: 0

So there is a response from the domain where the nodes are being joined and failing.
This is the error reported while adding the node back:

dgaikwad_2-1665128880203.png
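As an added example (not part of the thread and not any poster's code): a short Python parser that summarizes nslookup SRV output in the format posted above, so the result for each queried domain can be compared side by side. The transcript, the `ise01/admin` prompt, the example.com / example.net names and 192.0.2.53 are constructed placeholders.

```python
import re

# Constructed sample in the format of the output posted above; prompt, domain
# names and DNS server address are placeholders, not the poster's values.
SAMPLE = """\
ise01/admin# nslookup _ldap._tcp.dc._msdcs.example.com querytype SRV
Trying "_ldap._tcp.dc._msdcs.example.com"
Received 119 bytes from 192.0.2.53#53 in 1 ms
Trying "_ldap._tcp.dc._msdcs.example.com.example.com"
Host _ldap._tcp.dc._msdcs.example.com not found: 3(NXDOMAIN)
Received 133 bytes from 192.0.2.53#53 in 1 ms
ise01/admin# nslookup _ldap._tcp.dc._msdcs.example.net querytype SRV
Trying "_ldap._tcp.dc._msdcs.example.net"
;; Truncated, retrying in TCP mode.
Trying "_ldap._tcp.dc._msdcs.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20412
;; flags: qr rd ra; QUERY: 1, ANSWER: 49, AUTHORITY: 0, ADDITIONAL: 0
"""

CMD = re.compile(r"#\s*nslookup\s+(\S+)\s+querytype\s+SRV", re.I)
NOTFOUND = re.compile(r"^Host \S+ not found: \d+\((\w+)\)")
STATUS = re.compile(r"status:\s*(\w+)")
ANSWER = re.compile(r"ANSWER:\s*(\d+)")

def summarize(transcript):
    """Return one dict per nslookup command: name, status, answers, tcp_retry."""
    results, cur = [], None
    for line in transcript.splitlines():
        if (m := CMD.search(line)):
            cur = {"name": m.group(1), "status": None, "answers": 0, "tcp_retry": False}
            results.append(cur)
        elif cur is None:
            continue  # text before the first command
        elif "retrying in TCP mode" in line:
            cur["tcp_retry"] = True  # UDP reply was truncated, query repeated over TCP
        elif (m := NOTFOUND.match(line)) or (m := STATUS.search(line)):
            cur["status"] = m.group(1)
        elif (m := ANSWER.search(line)):
            cur["answers"] = int(m.group(1))
    return results

def names_without_srv(results):
    """Names whose lookup did not end in NOERROR with at least one answer."""
    return [r["name"] for r in results
            if r["status"] != "NOERROR" or r["answers"] == 0]
```

Calling `names_without_srv(summarize(text))` on a pasted transcript lists the SRV names that returned no records.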
