ISE, AD, and Blacklisting DC's
The Problem ISE PSNs connect to AD domain controllers to authenticate users on the network. Let’s say there are 4 ISE PSNs and 3 AD Domain Controllers. Seemingly out of no where ISE “backlists” all 3 of our DCs. You only know of this because of the ISE Alarm “joined domain is unavailable” – Hint: Check the AD Connector Report in ISE. The Active Directory Integration Guide for 1.3 will tell you if “AD connector cannot communicate with it [DC] for some reason” it will blacklist that domain controller....