Security

Reply

CPPM Domain join failure

Hi All,

 

I'm having trouble adding a CPPM server to a domain. I'm getting an rpc access denied error.

 

DNS on CPPM is pointing to the domain controller.

User account is a domain admin.

Credentials are correct.

 

I suspect a firewall issue but have been shows an allow all rule for the CPPM to controller communication.

 

Here's what I'm seeing on the CLI:

 

[appadmin@cppm]# ad netjoin dc01.james.local
INFO - Fetched REALM 'JAMES.LOCAL' from domain FQDN 'dc01.james.local'
INFO - Fetched the NETBIOS name 'JAMES'
INFO - Creating domain directories for 'JAMES'
Enter dc01's user name:[Administrator] aruba
Enter aruba's password:
Enter aruba's password:
Failed to join domain: failed to lookup DC info for domain 'JAMES.LOCAL' over rpc: Access denied
INFO - Restoring smb configuration
INFO - Restoring krb5 configuration file
INFO - Deleting domain directories for 'JAMES'
ERROR - cppm failed to join the domain JAMES.LOCAL with domain controller as dc01.JAMES.LOCAL

 

Ideas?

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

Re: CPPM Domain join failure

Can you run the nslookup from clearpass and see if you can query the domain controller ?

Try turning off the fw on your dc.



Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: CPPM Domain join failure

Nslookup is successful and the firewall is already off.

I've logged this with TAC who have just said this is a known issue and have suggested a fix that requires TAC CLI access.

I'll post back tomorrow with an update.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

Re: CPPM Domain join failure

Probably the samba issue

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: CPPM Domain join failure

It was "the Samba issue".

 

Specifically, to resolve this they edited the file: /usr/local/avenda/tips/etc/smb.conf-template

and added the following entry:

client ipc signing = auto

above:

security = user 

 

I though this issue was resulved in 6.6.7, I guess not.

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: