I had an issue ISE 2.4 with Windows 2019 Server AD Join issue for the external identity source.
I get Failed when I try to join.
So I have tailed Log from CLI
- Login to ISE 2.4 Cli
- show logging application ad_agent.log tail
I found the logs as below :
WARNING,140565219899136,[LwKrb5GetTgtImpl ../../lwadvapi/threaded/krbtgt.c:329] KRB5 Error code: -1765328347 (Message: Clock skew too great),lwadvapi/threaded/lwkrb5.c:892
then when i compare the time on Windows 2019 Server and ISE 2.4 it was more than 5min, then i adjusted the Clock on Windows 2019 server, also check the DNS records, I am able to resolve my domain.
After that, I can join ISE to the domain AD.
You can also do diagnostic :
If all working as expected you can retrieve the Group from AD as below :
Happy Labbbbbing !