Security

Hi gurus,

I wonder if there is anyway to check if ClearPass joined a domain correctly, without leaving and joining the domain again. This is my situation, Event Viewer shows a problem with the domain:

But I can see ClearPass is joined to the domain:

But I don't know if the information of the last screenshot is only when ClearPass joined the domain the first time and not currently. How can I check it without leaving the domain?

Thanks in advance,

Julián

+1 on the ClearPass version. Make sure you are running up to date ClearPass software.

On the domain join check, you can do that on the CLI with the ad testjoin command:

[appadmin@cppm-nl]# ad testjoin NL
Join is OK

Where NL is the NETBIOS name of my domain.

Hi Herman,

That's exactly what I was looking for, many thanks!

Regards,

Julián

Hi Herman,

Known its a old topic but when de ad testjoin NL failed. How i have to interpreted this issue?

[appadmin@cppm-nl]# ad testjoin NLJoin is OK

Hi Marcel

Domain joins can be a challange if the Active Directory has been hardened. In your case it looks like either the account you try to do the test with isn't correct, or the host name isn't accepted for some reason. I don't think I have seen this error message.

If you try to join from the GUI, what message do you get?

As the initial issue in this thread is something else, maybe a new thread would be better.

[appadmin@cppm-nl]# ad testjoin NLJoin is OK

I would verify there are no forbidden characters in the hostname. That could be - _ or so...

Message suggests that the kerberos hostname is in an invalid format. Having symbols in the hostname is what I can think of.

[appadmin@cppm-nl]# ad testjoin NLJoin is OK