cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5986
Views
10
Helpful
6
Replies

Giving error while joining AD via WSAV

amitmarathe
Level 1
Level 1

following error is giving while joining ad domain in the attachment.

Please help.

Where the file /tmp/smb26Qd6L.conf. is located and how to open and edit the same.

Regards,

Amit Marathe

6 Replies 6

amitmarathe
Level 1
Level 1

Error showing while joining domain:

" Failure: Error while joining WSA onto server '10.80.20.151' : Failed to set servicePrincipalNames.
Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials.
The workgroup in /tmp/smbVOJvC0.conf does not match the short domain name obtained from the server.
Using the name [xxx] from the server. You should set "workgroup = xxx" in /tmp/smbVOJvC0.conf.
Using short domain name -- xxx Deleted account for 'WEBPROXY1'
in realm 'xxx.com' Failed to join domain: Constraint violation"

i am not able to trace the file smbVOJvC0.conf. Also i have joined one WSAV box in domain and working fine same credential.

Hi 

Would recommend to change the NTLM security mode to use Domain Mode therefore you can use the NETBIOS name when joining to the AD.

To change this: CLI -> setntlmsecuritymode -> select the number for the authentication realm -> select number 2 for the Domain Mode.

Then in the GUI authentication realm, there is extra box to put the short name(netbios) name and make sure it is correct and join the domain again. 

If the above still not working, recommend to open TAC case for this to investigate further

I have change the hostname of WSAV and after that its started working fine. Posibility of old host name was some where in the file which was not allowing me to connect with AD.

Regards,

Amit Marathe

Hello!

I am facing the same error when joining the domain from a Cisco WSA.

Can you guide me how to get to /tmp/smb37bI8R.conf in order to fix this?

Or any suggestions that might come in handy?

I cannot change the NTLM security mode as the wsa is already joined to a different domain and in case of re-joining it i might have issues not having credentials for.

Thanks!

Regards,

Ionut Scinteianu

Farhan Mohamed
Cisco Employee
Cisco Employee

Would recommend to change the NTLM security mode to use Domain Mode therefore you can use the NETBIOS name when joining to the AD.

To change this: CLI -> setntlmsecuritymode -> select the number for the authentication realm -> select number 2 for the Domain Mode.

Then in the GUI authentication realm, there is extra box to put the short name(netbios) name and make sure it is correct and join the domain again. 

If the above still not working, recommend to open TAC case for this to investigate further

I am getting the same problem and none of the mentioned fixes worked. WSA rejects to join AD with the following error :

 

"omputer Account creation failed.

Failure: Error while joining WSA onto server '192.168.173.50' : Failed to set servicePrincipalNames.
 Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials.
 
 The workgroup in /tmp/smb39IG19.conf does not match the short domain name obtained from the server. Using the name
 [ASIACELL] from the server. You should set "workgroup = ASIACELL" in /tmp/smb39IG19.conf. Using short domain name --
 ASIACELL Deleted account for 'IS_WSA_02ACSOBV' in realm 'ASIACELL.COM' Failed to join domain: Constraint violation "