Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

ironport s370 can not join domain

Hello

For some reason ironport s370 can not join domain.

Checking DNS resolution of WSA hostname(s)...
Success: Resolved 'ironport----' address: ironport p1 address
Success: Resolved 'ironport----' address: ironport p1 address
Success: Resolved 'ironport----' address: ironport p1 address
Success: Resolved 'ironport----' address: ironport p1 address

Checking DNS resolution of Active Directory Server(s)...
Success: Resolved 'dns-srv1' address: dns-srv1
Success: Resolved 'dns-srv2' address: dns-srv2
Success: Resolved 'dns-srv1' address: dns-srv1
Success: Resolved 'dns-srv2' address: dns-srv2

Checking DNS resolution of AD Server(s)' full computer name(s)...
Success: Resolved 'DC1.---' address: dns-srv1
Success: Resolved 'DC2.---' address: dns-srv2
Success: Resolved 'DC1.---' address: dns-srv1
Success: Resolved 'DC2.---' address: dns-srv2

Validating configured Active Directory Domain...
Success: Active Directory Domain Name for 'dns-srv1' : ---
Success: Active Directory Domain Name for 'dns-srv2' : ---
Success: Active Directory Domain Name for 'dns-srv1' : ---
Success: Active Directory Domain Name for 'dns-srv2' : ---

Attempting to get TGT...

Attempting to get TGT...
Failure: Error while fetching Kerberos Tickets from server 'dns-srv1' :
kinit: krb5_get_init_creds: Preauthentication failed 
Failure: Error while fetching Kerberos Tickets from server 'dns-srv2' :
kinit: krb5_get_init_creds: Preauthentication failed 
Failure: Error while fetching Kerberos Tickets from server 'dns-srv1' :
kinit: krb5_get_init_creds: Preauthentication failed 
Failure: Error while fetching Kerberos Tickets from server 'dns-srv2' :
kinit: krb5_get_init_creds: Preauthentication failed 

Checking local WSA time and server time difference...

Checking local WSA time and server time difference...
Success: AD Server time and WSA time difference within tolerance limit
Success: AD Server time and WSA time difference within tolerance limit

Attempting to fetch group information...

Attempting to fetch group information...
Failure: Queries to server 'dns-srv1' on port 389 failed :
Server doesn't accept anonymous queries
Failure: Queries to server 'dns-srv2' on port 389 failed :
Server doesn't accept anonymous queries
Failure: Queries to server 'dns-srv1' on port 389 failed :
Server doesn't accept anonymous queries
Failure: Queries to server 'dns-srv2' on port 389 failed :
Server doesn't accept anonymous queries

 

Any advice would be greatly appreciated.
Thanks!

 

1 REPLY
Bronze

Hi, Could you please check

Hi,

 

Could you please check the following:

 

1). Go to the AD, go to User properties of this user and make sure "Do not require kerberos preauthentication" option is checked.

 

2). If possible make sure the user is part of the domain admins groups so that it has proper rights to join the WSA to the AD.

 

Regards,

Kush

 

1336
Views
0
Helpful
1
Replies
CreatePlease to create content