WSA 10.5 fails to join Windows AD

mshboul89 · ‎10-04-2017

Dear experts,

After creating a new WSA VM ( S300), it is failing to join windows AD. It was able to join with the same settings and credentials. What happened is migration from S100 to S300 which shouldn't cause AD join issues!

I am getting the following error:

"

computer Account creation failed.

Failure: Error while joining WSA onto server '192.168.173.50' : Failed to set servicePrincipalNames.
Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials.

The workgroup in /tmp/smb39IG19.conf does not match the short domain name obtained from the server. Using the name
[ABCD] from the server. You should set "workgroup = ABCD" in /tmp/smb39IG19.conf. Using short domain name --
ABCD Deleted account for 'IS_WSA_02ACSOBV' in realm 'ABCD.COM' Failed to join domain: Constraint violation

"

Where ABCD.COM is the domain name.

I tried different credentials. Enabled Netbios in WSA. I also created the WSA computer account manually on the DC but it didn't work and i was getting the same error.

Please advise !

balaji.bandi · ‎06-20-2018

Would recommend to change the NTLM security mode to use Domain Mode therefore you can use the NETBIOS name when joining to the AD.

To change this: CLI -> setntlmsecuritymode -> select the number for the authentication realm -> select number 2 for the Domain Mode.

Then in the GUI authentication realm, there is extra box to put the short name(netbios) name and make sure it is correct and join the domain again.

Delete the Service account from AD and make sure you have hostname correct and try again.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help