Symptom
ISE is unable to perform Active Directory lookups if the DC that the PSN is connected to goes down or doesn't respond to CLDAP pings. As a result, the forest is marked offline and authentications against that forest fail.
Conditions
Domain controllers are restarted sequentially or go offline.
Workaround
Re-join Active Directory for every affected node via Administration > Identity Management > External Identity Sources > Active Directory, or restart the AD connector in one of the following ways:
- Restart services on the PSN by running "application stop ise" followed by "application start ise" from the CLI.
- Navigate to Administration > Identity Management > External Identity Sources > Active Directory and click Advanced Tools > Advanced Tuning. In the node drop-down, select the PSN and choose to restart the AD connector. This will need to be repeated for all PSNs facing the issue.
Further Problem Description
None