Deployment Error: Adding computer object into Windows AD

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 6
Registered: ‎07-27-2010
#1 of 11 15,038

Deployment Error: Adding computer object into Windows AD

[ Edited ]

Hello all,

We ran into some issues when attempting to deploy the CENTOS clinet via the console. The software fails when it trys to add the linux computer object into AD. See error below:

 

Execute /usr/sbin/adjoin --selfserve --workstation mydomain.com Result =6
Unexpected LDAP Error Connect error
 due to unexpected configuration or network error.
Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.
Join to domain 'mydomain.com', zone 'Auto Zone' failed.
Execute echo "/^install.sh \*\*\*/ {a=\"\"} /./ {if(a==\"\"){a=\$0}else{a=a RS \$0}} END {print a}" > /tmp/args.awk Result =0
Execute awk -f /tmp/args.awk /var/log/centrifydc-install.log Result =0
install.sh ***************** rev = 2010 (4.4.1-212) ********************
Tue Jul 27 11:41:04 PDT 2010
INFO: Unknown kernel: 2.6.18-194.3.1.el5PAE. Calling detect_linux ...
DEBUG: /etc/redhat-release:
CentOS release 5.3 (Final)

 

I found a way around this. On the client machines, I was able to log in and tun the adjoin command with the folloing syntax and I was able to join the machine into AD:

 

adjoin -w mydomain.com -u najeebd --verbose


Once the machine is joined to the domain, I am able to use Kerberos for authentication into other machines. Now the issues is that I don't want to be running this command manually on all my hosts when I want to join them to the domain. Can someone please sed some light on this issue? Thanks.

 

Robot Happy

Retired Employee (Inactive)
Posts: 140
Registered: ‎06-18-2010
#2 of 11 15,026

Re: Deployment Error: Adding computer object into Windows AD

Najeeb

 

It appears as though you have used install.sh to install our DirectControl express, for DirectControl Express installation please run install-express.sh for installation and respond to installation/join questions as follows:


How do you want to proceed? (S|X|C|Q) [X]:

Do you want to run adcheck to verify your AD environment? (Q|Y|N) [Y]:

Please enter the Active Directory domain to check: contoso.com
Join an Active Directory domain? (Q|Y|N) [Y]:Y
    Enter the Active Directory authorized user [administrator]: sumana
    Enter the password for the Active Directory user:
    Enter the computer name [ubuntu]:
    Enter the container DN [Computers]:
    Enter the name of the domain controller [auto detect]:
Reboot the computer after installation? (Q|Y|N) [Y]:

 

The above basically will join the machine in workstation mode eliminating the need for you to run adjoin command manually.

 

Please give that a try and let us know if it worked.

 

Thanks

 

@annamsr
Participant II
Posts: 6
Registered: ‎07-27-2010
#3 of 11 15,021

Re: Deployment Error: Adding computer object into Windows AD

Sumana,

We used the GUI for the install the client software on the linux host. The deployment manager has 4 steps that it outlines. 1) Build computer list

2) Download the software

3) Analyze your Envrionment

4) Deploy management software - Pressing the Deploy button

 

How would you got about selecting the express.sh script? Thanks.

 

Retired Employee (Inactive)
Posts: 140
Registered: ‎06-18-2010
#4 of 11 15,003

Re: Deployment Error: Adding computer object into Windows AD

I understand now; did not realize you were using Deployment Manager to install the software. For now please scratch out my suggestion about install-express.sh.

I beleive one of our SE is setup to do a webex with you tomorrow to troubleshoot this issue further. I might join the call as well - so talk to you tomorrow.

 

Thanks

@annamsr
Participant I
Posts: 1
Registered: ‎01-25-2012
#5 of 11 11,095

Re: Deployment Error: Adding computer object into Windows AD

I'm having the same issue.  Has this been resolved?  I checked to make sure my DC was listening on 389 and 636 and I'm good there.  I can add Windows machines to the domain but not any Linux hosts.

Centrify Master I
Posts: 143
Registered: ‎06-28-2010
#6 of 11 11,091

Re: Deployment Error: Adding computer object into Windows AD

Well lets first "check" if you Linux machine is properly configured to join AD.  Can you run the adcheck command on one of the *nix systems that is having a problem, and publish the output? 

Follow Centrify:
Participant I
Posts: 1
Registered: ‎08-06-2013
#7 of 11 8,979

Re: Deployment Error: Adding computer object into Windows AD

Was there any resolution to this?  I'm getting the same messages trying to join the domain -- both during installation using install-express.sh and also if I run the adjoin command manually.  I can't seem to figure out exactly what the problem is, and I can join windows machines to the domain.  I see this in the logs if I turn on debugging:

 

DEBUG network.state DC sgl-dc-02.sgl-lab.local(10.206.0.11) answered in 0.004635 secs: Success
DEBUG util.io.connectutil Connected to 10.206.0.11:22528 in 0.000910 seconds
DEBUG util.io.connectutil Connected to 10.206.0.11:53249 in 0.000763 seconds
DEBUG util.io.connectutil Connected to 10.206.0.11:34049 in 0.000644 seconds
DEBUG util.io.connectutil Connected to 10.206.0.11:48385 in 0.000605 seconds
DEBUG util.io.connectutil Connected to 10.206.0.11:50188 in 0.000729 seconds
DEBUG network.state ProbePorts complete for sgl-dc-02.sgl-lab.local. Elapsed time 0.008097 secs
DEBUG dns.findkdc Using forced DC dc sgl-dc-02.sgl-lab.local
DEBUG base.osutil Module=Kerberos : SASL bind to ldap/sgl-dc-01.sgl-lab.local@SGL-LAB.LOCAL - GSSAPI Mechanism with Kerberos error ": Cannot contact any KDC for requested realm" (reference base/adbind.cpp:508 rc: -1765328228)
DEBUG network.state NST:reportFailure: sgl-dc-01.sgl-lab.local
DEBUG base.bind.ad connectToList: Failed to connect to sgl-dc-01.sgl-lab.local:389: SASL bind to ldap/sgl-dc-01.sgl-lab.local@SGL-LAB.LOCAL - GSSAPI Mechanism with Kerberos error ": Cannot contact any KDC for requested realm"
DEBUG base.osutil Module=LDAP : reconnect failed (reference base/adbind.cpp:799 rc: -11)
DEBUG base.bind.ad Destroying binding to 'SGL-LAB.LOCAL'
DEBUG cli.adjoin Unexpected LDAP Error Connect error
DEBUG cli.adjoin due to unexpected configuration or network error.
DEBUG cli.adjoin Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.

 

The adcheck stuff comes back with only a warning about using a domain ending in .local (but that's not something I can change), otherwise all the tests pass.  Also, running adinfo --diag as the error message suggests turns up all passing tests.

 

I also have tried using adjoin with the same results.

 

Any ideas?

 

Kendal.

Centrify Master III
Posts: 205
Registered: ‎06-29-2010
#8 of 11 8,905

Re: Deployment Error: Adding computer object into Windows AD

Hi Kendal,

 

Could you please send us the output of the following command:

 

adinfo --diag "sgl-lab.local"

 

You can send the output to communitysupport@centrify.com.

 

Thanks,

Ian

Participant II
Posts: 4
Registered: ‎11-03-2018
#9 of 11 967

Re: Deployment Error: Adding computer object into Windows AD

 

 The server appears in the list but you can't click on the + and expand it out to see what it contains.

Check in your server list that can actually see the server. Also keep in mind that this software needs access to the admin port, not the normal web one, although it looks like your tunnel is correct for that.

You also need to turn on remote administration and set up the username and password etc. Try pointing a web browser to your localhost 6122 and check you can log in to the admin panel if that does not work try the blog of 

Error code 0xc00000e9 that may help you.

Participant II
Posts: 4
Registered: ‎11-03-2018
#10 of 11 957

Re: Deployment Error: Adding computer object into Windows AD

If you satisfied with that try to visit with  Error code 0xc00000e9