08-30-2023 09:11 AM
Hello,
When trying to add a second Realm on any of our proxies, when doing "Join domain"
- Either the proxy crashes entirely
We no longer have access to the console and the proxy service is KO. After a while, he comes back alone after a while.
- Either we get the following error:
Error — Computer Account creation failed.
Failure: Error while joining WSA onto server 'xxxx.xxx.xxxx' : ads_print_error: AD LDAP ERROR: 19 (Constraint violation): 000021C7: AtrErr: DSID-03200E9A, #1: 0: 000021C7: DSID-03200E9A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90303 (servicePrincipalName) Failed to join domain: failed to precreate account in ou ou=Serveurs,dc=IMA,dc=INTRA: Constraint violation
The connection test gives this result:
Checking DNS resolution of WSA hostname(s)...
Success: Resolved 'adminxxxxproxyxx.xx.xxxx.xxxx' address: x.x.x.x
Success: Resolved 'maproxyxx.xx.xxxx.xxxx' address: x.x.x.xx
Checking DNS resolution of Active Directory Server(s)...
Success: Resolved 'xxxx' address: xxx.xx.x.xxx
Success: Resolved 'xxxx' address: xxx.xx.x.xxx
Success: Resolved 'xxxx' address: xxx.xx.x.xxx
Checking DNS resolution of AD Server(s)' full computer name(s)...
Success: Resolved 'XXXX.XXX.XXXX' address: x.x.x.x
Success: Resolved 'XXXX.XXX.XXXX' address: x.x.x.x
Success: Resolved 'XXXX.XXX.XXXX' address: x.x.x.x
Validating configured Active Directory Domain...
Success: Active Directory Domain Name for 'xxxxxxx' : XXXX.XXXX
Success: Active Directory Domain Name for 'xxxxxxx' : XXXX.XXXX
Success: Active Directory Domain Name for 'xxxxxxx' : XXXX.XXXX
Validating ADServer connectivity through Interface
Success: Server 'xxxxx.xxxx.xxxx' is reachable through Interface xx.x.xx.xx.
Success: Server 'xxxxx.xxxx.xxxx' is reachable through Interface xx.x.xx.xx.
Success: Server 'xxxxx.xxxx.xxxx' is reachable through Interface xx.x.xx.xx.
Attempting to get TGT...
Failure: Error while fetching Kerberos Tickets from server 'xxxxxxx' :
kinit: krb5_get_init_creds: Client (xxxxxxxxxxxxxproxy0x$@xxx.xxxx) unknown
Failure: Error while fetching Kerberos Tickets from server 'xxxx.xxx.xxxx' :
kinit: krb5_get_init_creds: Client ((xxxxxxxxxxxxxproxy0x$@xxx.xxxx ) unknown
Failure: Error while fetching Kerberos Tickets from server 'xxxx.xxxx.xxxx' :
kinit: krb5_get_init_creds: Client (xxxxxproxy0x$@xxx.xxxx) unknown
Checking local WSA time and server time difference...
Success: AD Server time and WSA time difference within tolerance limit
Success: AD Server time and WSA time difference within tolerance limit
Success: AD Server time and WSA time difference within tolerance limit
Attempting to fetch AD group information...
Success: Able to query for AD Group Information from Active Directory server 'xxxx.xxx.xxxx'.
Success: Able to query for AD Group Information from Active Directory server 'xxxx.xxx.xxxx'.
Success: Able to query for AD Group Information from Active Directory server 'xxxx.xxx.xxxx'.
Test completed: Errors occurred, see details above.
we're in version 14.5.0-537
Best Regards,
08-31-2023 12:13 AM
Hello,
Have you ever been faced with this type of problem?
BR,
José
08-31-2023 06:17 AM
Hi,
Would it be possible to get feedback, please?
Thx,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide