Security

Reply
MVP

Re: Full Computer Name in Windows

Yeeaahh it might come to that :(

 

 

I was trying to avoid it because I am afraid that we might run into this again. I don't want to have to reimage each time we run into this.

 

The other solution would be to allow the machine to authenticate with it's CN name or dNSHostName. At least until I find a proper solution.

 

I have another post here. Might come up with something.

If I find anything I'll report back.

 

Thanks for all the suggestions guys!

MVP Guru

Re: Full Computer Name in Windows

True very valid point
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted
MVP

Re: Full Computer Name in Windows

Okay I think I found something else.

At first I didn't think this had anything to do with. But having done my own desktop computer I believe it does indeed play a role.

 

On the PC's that have the "Full computer name:" displayed properly they have an entry under for at least one of their network adapters.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters

On the computer I am having issues with this entry is missing completely.

I haven't been able to figure out exactly why this key is missing nor how to re-generate it.

 

I think though if I can figure this out it might lead me to correcting this issue.

 

This didn't pan out.

MVP

Re: Full Computer Name in Windows

Sorry I have another question.

 

I am trying to get these machines to authenticate when they are sending the computer name in the following format "host/COMPUTERNAME".

 

When I looked into the AD auth source I noticed that they machines are in fact already authenticating using the "COMPUTERNAME" as indicated in the filter query below.

(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))

 I am confused now as to why when these machines are unable to authenticate. It shouldn't really matter if it is sending "host/COMPUTERNAME" or "host/COMPUTERNAME.domain.com"

because it is looking at %{Host:Name}$ to authenticate.

 

When I look at the error in the Access Tracker I can see that for our AD source it is saying that the "user is not found", which to me is really strange.

 

I must be missing something obvious.

MVP Guru

Re: Full Computer Name in Windows

It might be because of this :

2014-11-12 11_43_17-ClearPass Policy Manager - Aruba Networks.png

 

2014-11-12 11_43_48-ClearPass Policy Manager - Aruba Networks.png

You may need to change it to this (I have not test this ):

2014-11-12 11_44_20-ClearPass Policy Manager - Aruba Networks.png

 

 

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP

Re: Full Computer Name in Windows

Thanks for the reply.

 

I have checked the dNSHostName and ServicePrincipleName attributes and I have the following entries

dNSHostName:COMPUTERNAME.domain.com
ServicePrincipleName:HOST/COMPUTERNAME.domain.com
ServicePrincipleName:HOST/COMPUTERNAME

 With these entries shouldn't it work?

 

the dNSHostName is only being pulled as an attribute right? It doesn't have anything to do with the actually authentication of the computer account?

MVP

Re: Full Computer Name in Windows

Hello again,

 

You guys are probably getting sick of hearing from me.

 

I finally figured out why the machine wasn't sending it's username properly.

 

I found this post which referenced a registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]

 There were two keys under here "NV PrimaryDnsSuffix" and "PrimaryDnsSuffix". Both of these keys were blank.

 

So I checked on computers that were working and discovered the the subkey DNSClient didn't even exists. So I deleted the whole key. Rebooted. And now the machine is sending it's username properly and it is displaying it correctly under "Full computer name"

MVP Guru

Re: Full Computer Name in Windows

Glad you figured it out , thanks for sharing the fix
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: