
ACS 5.2 can't join AD

rkirkeby
Level 1

I'm trying to join a brand new CSACS-1120 to our Active Directory without success. The process in itself should be pretty straightforward, but so far no luck.

I've configured the relevant info under "Users and Identity Stores > External Identity Stores > Active Directory".

Active Directory Domain Name: xxx.com

Username/Password : domain administrator account

When I test the connection I get an info dialog: "This machine is currently connected to domain xxx.com"

After which I try to save changes, which gives the reply "This System Failure occurred: {0}. Your changes have not been saved. Click OK to return to the list page."

I've noticed in the system log ("show logging system tail") that I get an exception as soon as I enter the AD configuration page and subsequently every time I perform an action in that section.

adinfo[29359]: DEBUG util.except (IO) : Cannot open file /var/centrifydc/kset.domain: No such file or directory (reference util/setting.cpp:64 rc: 2)

I've checked that the ACS can resolve the domain suffix correctly and that it has full network connectivity to the relevant domain controllers.

Logged into the ACS using a SuperAdmin account.

The ACS is patched to the latest release 5.2.0.26-3

Our Windows Domain is a 2003 running on a combination of 2003 and 2008R2 servers.

Anyone with an idea as to why the AD join keeps on failing and what the debug exception I'm getting means?

3 Replies

Hello Rene

The error message "Cannot open file /var/centrifydc/kset.domain: No such file or directory" usually leads to insufficient privilege level on the admin account with which you are trying to add AD.

Just make sure that whatever admin credentials you are using on ACS to integrate with AD have privileges to add a computer on the domain.

thanks
Devashree

P.S. - Please do rate helpful posts.

Dear Devashree

Thank you for the reply.

I've managed to solve the problem; it wasn't a question of insufficient privilege on the account. Instead it turned out to be a problem with the way my password was constructed.

My AD admin account had the special character # in the password. After changing the password to another variant without this #, I managed to both test and join the ACS to the AD.

While the problem is now solved, I do wonder why the usage of a # in the password fails in the first place, while other special characters are working fine, but that's another story.

Hello Rene

That's interesting. Well, there are certain special characters like # or $ or ", etc., which do not work on Cisco devices. That is as per my experience.

thanks

Devashree