
ISE 2.1 Changing FQDN

moody
Level 1

Is there a way to change the fqdn w/o needing to re-configure ISE from scratch?

I have a 2-node deployment.  The domain is changing - so I have a new wildcard cert for the new domain, but the server's current fqdn won't work w/ the new cert.


Accepted Solutions

Gagandeep Singh
Cisco Employee

Hi Moody,

The domain name can be changed using the command below.

ISE3395/admin(config)# ip domain-name ?
<WORD> DNS search domain name (Max Size - 64)

If you update the domain name for the Cisco ISE server with this command, it displays the following warning message:

Warning: Updating the domain name will cause any certificate using the old
domain name to become invalid. Therefore, a new self-signed certificate using the new domain 
name will be generated now for use with HTTPs/EAP.  If CA-signed certificates were used on this
node, please import them with the correct domain name. In addition, if this ISE node will be 
joining a new Active Directory domain, please leave your current Active Directory domain before 
proceeding.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/cli_ref_guide/b_ise_CLIReferenceGuide_21/b_ise_CLIReferenceGuide_21_chapter_011.html#ID-1364-0000064d

Prior to this change:

1. Disjoin the ISE nodes from the domain

2. Ensure that their computer name is removed from AD

3. Update DNS records

4. Ensure that DNS records have replicated

5. Change names on ISE

6. Join nodes to the new domain.

Hope this helps!!!!

Regards

Gagan
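
The certificate mismatch raised in the question (a wildcard certificate for the new domain that does not match the nodes' current FQDNs) can be checked on paper before step 5. The following is an added example, not part of the original posts or of Cisco's documentation: a Python check that applies RFC 6125 wildcard matching to each node's FQDN before and after the rename. The hostnames, domains and SAN entries are constructed, and it assumes each node keeps its short hostname while only the domain changes.

```python
# Added example. Hostnames, domains and SAN entries are constructed.

def san_matches(hostname, pattern):
    """Match one dNSName SAN entry against a hostname (RFC 6125 rules)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if "" in host or len(host) != len(pat):
        return False  # "*" stands for exactly one label, never several
    if pat[0] == "*":
        # Wildcard only as the whole left-most label, above a real domain.
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat

def covered(hostname, san_entries):
    """True if any SAN entry of the certificate matches the hostname."""
    return any(san_matches(hostname, p) for p in san_entries)

def rename_plan(node_fqdns, new_domain, san_entries):
    """Assumption: the node keeps its short hostname and only the domain
    set by 'ip domain-name' changes."""
    plan = {}
    for fqdn in node_fqdns:
        short = fqdn.split(".", 1)[0]
        new_fqdn = f"{short}.{new_domain}"
        plan[fqdn] = {
            "new_fqdn": new_fqdn,
            "covered_now": covered(fqdn, san_entries),
            "covered_after": covered(new_fqdn, san_entries),
        }
    return plan

NODES = ["ise01.old.example.com", "ise02.old.example.com"]  # constructed
NEW_DOMAIN = "new.example.net"                               # constructed
NEW_CERT_SANS = ["*.new.example.net", "new.example.net"]     # constructed

if __name__ == "__main__":
    for old, row in rename_plan(NODES, NEW_DOMAIN, NEW_CERT_SANS).items():
        print(old, "->", row["new_fqdn"],
              "| cert matches now:", row["covered_now"],
              "| after rename:", row["covered_after"])
```

A wildcard entry covers exactly one label, so a node placed in a deeper subdomain of the new domain would still fail the check and need its own SAN entry.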


Thanks Gagan -

You were right w/ your steps to make the change.  I guess the real hurdle for us was getting the certificate changed. 

Thanks again - huge help!


Hi Moody,

Any queries!!!

Regards

Gagan

PS: please rate if it helps
