topic Re: FMC 6.2.2.1 / AdRealm Errors in Network Security

FMC 6.2.2.1 / AdRealm Errors

JMCNEL — Fri, 21 Feb 2020 15:24:09 GMT

We are recieving the following REALM errors - I cannot seem to find much details on the internet on the Firepower SF-IMS[4384] error codes.

Our realm is configured in our identity policy and its configured in our access control policy. When download users is selected, it downloads groups with appropriate amount of users for groups. Has anyone seen this before ? Any suggestions ?

Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:adi.AdRealm [INFO] auth: failed to join domain xxx.xxxxx.xx
Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:krb-realm [ERROR] Could not add host to xxx.xxxxx.xx: Constraint violation
Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:ldap-join [ERROR] LDAP add failed: Constraint violation
Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:adi.AdRealm [INFO] auth: joining KRB realm xxx.xxxxx.xx

To add to the mix a new added error

Firepower SF-IMS[4384]: [30220] ADI:ldap-join [ERROR] LDAP add failed: Server is unwilling to perform

Any suggestions would be greatly appreciated

Re: FMC 6.2.2.1 / AdRealm Errors

yogdhanu — Thu, 08 Mar 2018 18:06:26 GMT

Hi There,

Do you mean the test AD join fails for realm but the user download does work properly?

It could just be because "AD join username and password" fields are configured which are supposed to be used for Kerberos and failing because its not there on AD.

You can safely ignore the error or remove the AD join username and password field or create a new realm without those fields.

Rate if helps,

Yogesh

Re: FMC 6.2.2.1 / AdRealm Errors

JMCNEL — Thu, 08 Mar 2018 18:13:35 GMT

I removed the username and password and it fixed the issue. Also I opened a TAC case and was told that the "test" but does not work - there is a bug on it.