11-07-2014 12:44 PM
This problem isn't caused by the wireless but I was hoping someone here might have an idea of what to check.
I have a laptop that is joined to AD and when it does machine authentication it is sending "host/COMPUTERNAME" not "host/COMPUTERNAME.domainname.com"
I looked around and as far as I can tell this is governed by a few registry keys under HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Param
The keys are "NV Domain" and "Domain". These should be populated with the domain name.
In the case of the laptop these keys are properly populate.
When I check System > Computer name, domain...> Change settings > Computer Name tab
the "Full computer name:" shows only the computer name. Not the computer name + domain.
I have tried disjoining and rejoining the device. I have tried blanking the registery keys above, rebooting, and repopulating them. I have had no luck in getting the machine to it's full name.
Just curious if anyone has run into this and if there is anyway to "reset" the pc so that it appends the name properly. I have another idea for fixing this issue in the CPPM by just pulling the CN. But I want to try and fix the naming issue.
Anyone have any ideas on this one?
Solved! Go to Solution.
11-07-2014 01:32 PM
The problem that I am facing that is that the machine isn't actually appending the domain name when the machine sends it's credentials.
So the machine is sending this: "host/COMPUTERNAME"
When it should send this: "host/COMPUTERNAME.domain.com"
I would like to try and figure out why the computer is sending in this format.
I was hoping someone might have seen this once before and know what needs to be changed on the PC side.
11-07-2014 02:01 PM
Is the machine failing authentication as a result?
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
11-07-2014 02:06 PM
No problem at all!
I probably described it wrong.
And I know this isn't really a problem for this forum. But I was hoping someone might have seen this issue.
Yes it is failing because the machine account isn't valid in the AD because I we are using the dNSHostName.
I know I can use something like CN to get around this problem.
But I am trying to figure out why this machine is behaving differently.
11-07-2014 02:11 PM
Removed from the domain and added it again
Remove the wireless profile
@cappalli might know he's good with the windows stuff
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
11-07-2014 02:38 PM
I did try that yes, however I believe something might have gone wrong during the initial join of the machine.
I was reading this post and I started to look at the Service Principle Name attribute on the computer account in question. When I issues the command 'setspn -l <computername>' I noticed some discrencies when compared to a functioning computer.
Checking the attributes in the AD I noticed that the machine hadn't registered it's FQDN under the Service Principle Name. I tried manually adding the attributes, but this had no effect. So I am going to try completely removing the machines account from the AD and rejoin it and seeing if the values get populated properly.
No idea if this is the cause, but at this stage I am running out of ideas.
11-10-2014 05:12 AM
Tried a couple of additional things late Friday.
- I tried disjoining the machine and deleting it's AD account. I then manually created the machine with the proper dnshostname and SPN values. I then rejoined the machine. This did not work.
- I tried registering the machine with the DNS. Making sure that it's name properly registered with our DNS servers. This did not work.
- And as mentioned earlier I have tried playing with the registry.
I am out of ideas at this point. There must be something on the computer that is either misconfigured or missing. What that is though, at this point, I have no idea.