Hi all,
Hope someone will be able to point me in the right direction. We are trying to join a customer's ClearPass server to ADs. Joining it to the first one went perfectly OK (in a scenario where both boxes have interfaces on the same subnet). When trying to join the second AD (in a scenario where there is a firewall between them, **but not saying that this is a firewall issue, just explaining the setup!**) we run into problems. ClearPass attempts to join the new AD and fails, showing this message:
"Adding host to AD domain...
INFO - Fetched REALM 'XXXXX.COM' from domain FQDN
'ltcs.XXXXX.com'
INFO - Fetched the NETBIOS name 'XXXXX'
INFO - Creating domain directories for 'XXXXX'
Enter CPPMService's password:
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe
etlogon failed
with error NT_STATUS_IO_TIMEOUT
libnet_join_ok: failed to get schannel session key from server
ltcs.XXXXX.com for domain XXXXX. Error was NT_STATUS_IO_TIMEOUT
Failed to join domain: failed to verify domain membership after
joining: NT_STATUS_IO_TIMEOUT
INFO - Restoring smb configuration
INFO - Restoring krb5 configuration file
INFO - Deleting domain directories for 'XXXXX'
ERROR - CPPM004 failed to join the domain XXXXX.COM with
domain controller as ltcs.XXXXX.com
Join domain failed"
A packet capture on the firewall shows traffic between the nodes passing through (at least the one that is allowed by the initial request: kerberos, Active Directory, ms-ds-smb, mspc, netbios-s).
Any thoughts are more than welcome. Thanks,
NesaM