Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

How to check if ClearPass joined a domain

This thread has been viewed 24 times
  • 1.  How to check if ClearPass joined a domain

    Posted May 31, 2018 06:46 PM

    Hi gurus,

     

    I wonder if there is anyway to check if ClearPass joined a domain correctly, without leaving and joining the domain again. This is my situation, Event Viewer shows a problem with the domain:

    event_viewer.png

    But I can see ClearPass is joined to the domain:

    addomain.png

    But I don't know if the information of the last screenshot is only when ClearPass joined the domain the first time and not currently. How can I check it without leaving the domain?

     

    Thanks in advance,

    Julián



  • 2.  RE: How to check if ClearPass joined a domain

    Posted May 31, 2018 09:06 PM
    Looks like you are having issues with the domain process
    You are running a very old code and it is no longer supported by Aruba , you should consider upgrading to the latest 6.7.x



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: How to check if ClearPass joined a domain

    Posted May 31, 2018 11:12 PM
    Hi Victor,

    Ok, and thanks for the advice about the code, I didn't know is no longer supported.

    Regards,
    Julián


  • 4.  RE: How to check if ClearPass joined a domain
    Best Answer

    EMPLOYEE
    Posted Jun 01, 2018 03:20 AM

    +1 on the ClearPass version. Make sure you are running up to date ClearPass software.

     

    On the domain join check, you can do that on the CLI with the ad testjoin command:

    [appadmin@cppm-nl]# ad testjoin NL
    Join is OK

    Where NL is the NETBIOS name of my domain.



  • 5.  RE: How to check if ClearPass joined a domain

    Posted Jun 01, 2018 11:54 AM

    Hi Herman,

     

    That's exactly what I was looking for, many thanks!

     

    Regards,

    Julián



  • 6.  RE: How to check if ClearPass joined a domain

    MVP EXPERT
    Posted 24 days ago

    Hi Herman,

    Known its a old topic but when de ad testjoin NL failed. How i have to interpreted this issue?



    ------------------------------
    Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 7.  RE: How to check if ClearPass joined a domain

    Posted 23 days ago

    Hi Marcel

    Domain joins can be a challange if the Active Directory has been hardened. In your case it looks like either the account you try to do the test with isn't correct, or the host name isn't accepted for some reason. I don't think I have seen this error message.

    If you try to join from the GUI, what message do you get?

    As the initial issue in this thread is something else, maybe a new thread would be better.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 8.  RE: How to check if ClearPass joined a domain

    EMPLOYEE
    Posted 18 days ago

    I would verify there are no forbidden characters in the hostname. That could be - _ or so...

    Message suggests that the kerberos hostname is in an invalid format. Having symbols in the hostname is what I can think of.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------