Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
735
Views
0
Helpful
2
Replies

WSA: failed to add multiple Realms

jds5
Level 1
Level 1

‎08-30-2023 09:11 AM

Hello,

When trying to add a second Realm on any of our proxies, when doing "Join domain"

- Either the proxy crashes entirely

We no longer have access to the console and the proxy service is KO.  After a while, he comes back alone after a while.

- Either we get the following error:

Error     —           Computer Account creation failed.

 

Failure: Error while joining WSA onto server 'xxxx.xxx.xxxx' : ads_print_error: AD LDAP ERROR: 19 (Constraint violation): 000021C7: AtrErr: DSID-03200E9A, #1: 0: 000021C7: DSID-03200E9A, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90303 (servicePrincipalName) Failed to join domain: failed to precreate account in ou ou=Serveurs,dc=IMA,dc=INTRA: Constraint violation

The connection test gives this result:

Checking DNS resolution of WSA hostname(s)...

Success: Resolved 'adminxxxxproxyxx.xx.xxxx.xxxx' address: x.x.x.x

Success: Resolved 'maproxyxx.xx.xxxx.xxxx' address: x.x.x.xx

 

Checking DNS resolution of Active Directory Server(s)...

Success: Resolved 'xxxx' address: xxx.xx.x.xxx

Success: Resolved 'xxxx' address: xxx.xx.x.xxx

Success: Resolved 'xxxx' address: xxx.xx.x.xxx

 

Checking DNS resolution of AD Server(s)' full computer name(s)...

Success: Resolved 'XXXX.XXX.XXXX' address: x.x.x.x

Success: Resolved 'XXXX.XXX.XXXX' address: x.x.x.x

Success: Resolved 'XXXX.XXX.XXXX' address: x.x.x.x

 

Validating configured Active Directory Domain...

Success: Active Directory Domain Name for 'xxxxxxx' : XXXX.XXXX

Success: Active Directory Domain Name for 'xxxxxxx' : XXXX.XXXX

Success: Active Directory Domain Name for 'xxxxxxx' : XXXX.XXXX

 

Validating ADServer connectivity through Interface

Success: Server 'xxxxx.xxxx.xxxx' is reachable through Interface xx.x.xx.xx.

Success: Server 'xxxxx.xxxx.xxxx' is reachable through Interface xx.x.xx.xx.

Success: Server 'xxxxx.xxxx.xxxx' is reachable through Interface xx.x.xx.xx.

 

Attempting to get TGT...

Failure: Error while fetching Kerberos Tickets from server 'xxxxxxx' :

kinit: krb5_get_init_creds: Client (xxxxxxxxxxxxxproxy0x$@xxx.xxxx) unknown

 

Failure: Error while fetching Kerberos Tickets from server 'xxxx.xxx.xxxx' :

kinit: krb5_get_init_creds: Client ((xxxxxxxxxxxxxproxy0x$@xxx.xxxx ) unknown

 

Failure: Error while fetching Kerberos Tickets from server 'xxxx.xxxx.xxxx' :

kinit: krb5_get_init_creds: Client (xxxxxproxy0x$@xxx.xxxx) unknown

 

 

Checking local WSA time and server time difference...

Success: AD Server time and WSA time difference within tolerance limit

Success: AD Server time and WSA time difference within tolerance limit

Success: AD Server time and WSA time difference within tolerance limit

 

Attempting to fetch AD group information...

Success: Able to query for AD Group Information from Active Directory server 'xxxx.xxx.xxxx'.

Success: Able to query for AD Group Information from Active Directory server 'xxxx.xxx.xxxx'.

Success: Able to query for AD Group Information from Active Directory server 'xxxx.xxx.xxxx'.

 

Test completed: Errors occurred, see details above.

 

we're in version 14.5.0-537

 

Best Regards,

 

 

 

 

Labels:
0 Helpful
2 Replies 2

jds5
Level 1
Level 1

‎08-31-2023 12:13 AM

Hello,

Have you ever been faced with this type of problem?

BR,

José

 

 

0 Helpful

jds5
Level 1
Level 1

‎08-31-2023 06:17 AM

Hi,

Would it be possible to get feedback, please?

Thx,

 

0 Helpful
Customers Also Viewed These Support Documents