Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass can't join domain

  • 1.  ClearPass can't join domain

    Posted Apr 12, 2012 03:04 AM

    trying to have ClearPass join an AD domain, via GUI and CLI, getting the output below. anyone experienced this issue before?

     

    Adding host to AD domain...
    INFO - Fetched the NETBIOS name 'TEST'
    Stopping cpass-domain-server: [ OK ]
    Starting cpass-domain-server: [ OK ]
    Enter aruba's password:
    Failed to join domain: failed to lookup DC info for domain 'TEST.LOC' over rpc:
    Logon failure
    INFO - Restoring smb configuration
    INFO - Restoring krb5 configuration file
    Stopping cpass-domain-server: [ OK ]
    Starting cpass-domain-server: [ OK ]
    ERROR - clearpasstest.test.loc failed to join the domain TEST.LOC
    Join domain failed

    is there a checklist for what the AD version must be and such?



  • 2.  RE: ClearPass can't join domain

    EMPLOYEE
    Posted Apr 12, 2012 03:32 AM

    @boneyard wrote:

    trying to have ClearPass join an AD domain, via GUI and CLI, getting the output below. anyone experienced this issue before?

     

    Adding host to AD domain...
    INFO - Fetched the NETBIOS name 'TEST'
    Stopping cpass-domain-server: [ OK ]
    Starting cpass-domain-server: [ OK ]
    Enter aruba's password:
    Failed to join domain: failed to lookup DC info for domain 'TEST.LOC' over rpc:
    Logon failure
    INFO - Restoring smb configuration
    INFO - Restoring krb5 configuration file
    Stopping cpass-domain-server: [ OK ]
    Starting cpass-domain-server: [ OK ]
    ERROR - clearpasstest.test.loc failed to join the domain TEST.LOC
    Join domain failed

    is there a checklist for what the AD version must be and such?

    Make sure that the IP address of the DNS server for the ClearPass box is one of the DNS servers in AD. DNS must be able to resolve the FQDN to join the domain.



  • 3.  RE: ClearPass can't join domain

    Posted Apr 12, 2012 03:57 AM

    that is the case, DNS is running on the AD server (Windows 2003) and that is also set as DNS server on the ClearPass.



  • 4.  RE: ClearPass can't join domain

    EMPLOYEE
    Posted Apr 12, 2012 07:55 AM

    Sorry,

     

    I did not see the big "logon failure".  What did you put for the username and password?

     



  • 5.  RE: ClearPass can't join domain

    Posted Apr 12, 2012 09:01 AM

    tried with the default administrator account and used the checkbox to enter a self created admin account.

     

     



  • 6.  RE: ClearPass can't join domain

    Posted Apr 13, 2012 05:46 AM

    went on trying some more, another DC (win 2008) and some more testing. eventually it worked, but unsure what exactly did the trick. once I have some time I might try it again from scratch.



  • 7.  RE: ClearPass can't join domain

    EMPLOYEE
    Posted Apr 13, 2012 05:48 AM

    Interesting. The only way I got it to fail with that message is a wrong username and password...

     



  • 8.  RE: ClearPass can't join domain

    Posted Apr 13, 2012 08:13 AM

    that is always possible, I usually try a couple of times to be sure I get it right at least once, perhaps I missed it.



  • 9.  RE: ClearPass can't join domain

    EMPLOYEE
    Posted Sep 12, 2013 06:42 PM

    Do you have any special characters in your password?

     



  • 10.  RE: ClearPass can't join domain

    EMPLOYEE
    Posted Sep 12, 2013 06:50 PM

    I don't think @ is one of the characters that we have problems with.  What is the version of CPPM?

     



  • 11.  RE: ClearPass can't join domain

    EMPLOYEE
    Posted Sep 12, 2013 06:43 PM
    Looks like you are entering the fully qualified username (username@domain.tld). Can you try just the username?
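
The join transcript in the first post names the domain lookup on one line and puts the actual RPC reason ("Logon failure") on the next, which is easy to misread as a DNS problem. The following is an added example, not code from any poster or from HPE Aruba: a small parser that extracts the reason and maps it to the checks suggested in the replies. The function names are hypothetical and the sample is abridged from the first post.

```python
import re

# Transcript abridged from the first post of this thread.
SAMPLE = """\
Adding host to AD domain...
INFO - Fetched the NETBIOS name 'TEST'
Enter aruba's password:
Failed to join domain: failed to lookup DC info for domain 'TEST.LOC' over rpc:
Logon failure
INFO - Restoring smb configuration
ERROR - clearpasstest.test.loc failed to join the domain TEST.LOC
Join domain failed
"""

def parse_join_output(text):
    """Pull the fields out of a join transcript; absent fields are None."""
    flat = " ".join(line.strip() for line in text.splitlines() if line.strip())

    def grab(pattern):
        m = re.search(pattern, flat)
        return m.group(1) if m else None

    return {
        "netbios": grab(r"Fetched the NETBIOS name '([^']+)'"),
        "user": grab(r"Enter (\S+)'s password:"),
        "domain": grab(r"failed to lookup DC info for domain '([^']+)'"),
        # The reason may wrap onto the line after "over rpc:", as it does above.
        "reason": grab(r"over rpc:\s*(.+?)(?=\s+(?:INFO|ERROR) - |$)"),
        "host": grab(r"ERROR - (\S+) failed to join the domain"),
        "failed": "Join domain failed" in flat,
    }

def triage(text):
    """Return (fields, hints); the hints only restate advice from the replies."""
    info = parse_join_output(text)
    hints = []
    if not info["failed"]:
        return info, hints
    if "logon failure" in (info["reason"] or "").lower():
        hints.append("credentials: re-check the join account name and password")
    else:
        hints.append("dns: ClearPass must use an AD DNS server that resolves the FQDN")
    if info["user"] and "@" in info["user"]:
        hints.append("username: retry with the bare account name, not user@domain")
    return info, hints

if __name__ == "__main__":
    fields, hints = triage(SAMPLE)
    print(fields)
    print("\n".join(hints))
```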