Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass cannot join domain: NT_STATUS_HOST_UNREACHABLE

  • 1.  ClearPass cannot join domain: NT_STATUS_HOST_UNREACHABLE

    Posted May 30, 2017 12:23 AM

    Hi, I have an existing customer with 5 ClearPass servers (1 publisher, 4 subscribers), all fully configured and running well.

    They bought another box for another site. I have an error when trying to netjoin this ClearPass box.

    The domain controller, username, etc. should be correct; the other boxes use the same parameters. IPs are also fine, and nslookup was successful from the ClearPass box.

    I found this error and am wondering what the error is.

    Failed to join domain: failed to lookup DC info for domain
    '***.CORP' over rpc: NT_STATUS_HOST_UNREACHABLE

    NOTE: I renamed the customer domain with ****

    I suspect there might be ports being blocked. I have read this article https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Ports-needed-by-CPPM-if-a-firewall-is-within-wired/ta-p/179060

    but I am not sure which ones are needed during the domain join process.



  • 2.  RE: ClearPass cannot join domain: NT_STATUS_HOST_UNREACHABLE

    EMPLOYEE
    Posted May 30, 2017 06:57 AM

    Hi,

    CPPM to Active Directory
    The following is the list of services and their ports used for Active Directory communication:

    UDP Port 88 for Kerberos authentication
    UDP and TCP Port 135 for domain controller-to-domain controller and client-to-domain controller operations.
    TCP Port 139 and UDP 138 for File Replication Service between domain controllers. (Probably not necessary for CPPM)
    UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
    TCP and UDP Port 445 for File Replication Service (Probably not necessary for CPPM)
    TCP and UDP Port 464 for Kerberos Password Change
    TCP Port 3268 and 3269 for Global Catalog from client to domain controller.
    TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller.

    Regards,

    Pavan



  • 3.  RE: ClearPass cannot join domain: NT_STATUS_HOST_UNREACHABLE

    Posted May 31, 2017 06:04 AM

    It works after enabling port 445.



  • 4.  RE: ClearPass cannot join domain: NT_STATUS_HOST_UNREACHABLE

    EMPLOYEE
    Posted May 31, 2017 06:09 AM

    Ricky,

    Good to hear, finally it worked!

    Regards,

    Pavan
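
Added example, not part of any post in this thread and not Aruba tooling: a Python check that probes the TCP entries from the port list in reply 2, including port 445 that resolved the join in reply 3, and separates "refused" from "unreachable" so a silent firewall drop stands out. It assumes it is run from a host behind the same firewall path as the new ClearPass box; the function names are made up for illustration, and the domain controller address is supplied on the command line.

```python
"""Added example: TCP reachability check for the AD ports listed in reply 2."""
import socket
import sys

# TCP entries from the list in reply 2. UDP-only entries (88, 138, 389) are
# left out: a connect() test cannot confirm UDP reachability.
AD_TCP_PORTS = {
    53: "DNS",
    135: "DC and client-to-DC operations",
    139: "File Replication Service",
    445: "File Replication Service (the port that fixed the join in reply 3)",
    464: "Kerberos password change",
    3268: "Global Catalog",
    3269: "Global Catalog",
}


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'unreachable' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Something answered with a reset: the path is routable, but the
        # connection was not accepted on this port.
        return "refused"
    except OSError:
        # Timeout, no route, or name lookup failure: consistent with a
        # firewall silently dropping the traffic.
        return "unreachable"


def check_dc(host, ports=AD_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def not_open(results):
    """Ports that did not complete a TCP handshake, sorted."""
    return sorted(p for p, state in results.items() if state != "open")


if __name__ == "__main__":
    dc = sys.argv[1]  # domain controller name or IP, supplied by the operator
    results = check_dc(dc)
    for port, state in results.items():
        print(f"{dc} tcp/{port:<5} {state:<12} {AD_TCP_PORTS[port]}")
    sys.exit(1 if not_open(results) else 0)
```

The exit status is non-zero when any listed TCP port fails to open, so the check can be rerun after each firewall change until it passes.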