Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
9533
Views
0
Helpful
2
Replies

FMC 6.2.2.1 / AdRealm Errors

Go to solution
JMCNEL
Level 4
Level 4

‎02-22-2018 10:21 AM - edited ‎02-21-2020 07:24 AM

We are recieving the following REALM errors - I cannot seem to find much details on the internet on the Firepower SF-IMS[4384] error codes.

 

Our realm is configured in our identity policy and its configured in our access control policy. When download users is selected, it downloads groups with appropriate amount of users for groups. Has anyone seen this before ? Any suggestions ? 

 

Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:adi.AdRealm [INFO] auth: failed to join domain xxx.xxxxx.xx
Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:krb-realm [ERROR] Could not add host to xxx.xxxxx.xx: Constraint violation
Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:ldap-join [ERROR] LDAP add failed: Constraint violation
Feb 22 2018 13:11:16 Firepower SF-IMS[4384]: [11596] ADI:adi.AdRealm [INFO] auth: joining KRB realm xxx.xxxxx.xx

 

To add to the mix a new added error

Firepower SF-IMS[4384]: [30220] ADI:ldap-join [ERROR] LDAP add failed: Server is unwilling to perform

 

Any suggestions would be greatly appreciated

11 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎03-08-2018 10:06 AM

Hi There,

 

Do you mean the test AD join fails for realm but the user download does work properly?

It could just be because "AD join username and password" fields are configured which are supposed to be used for Kerberos and failing because its not there on AD.

You can safely ignore the error or remove the AD join username and password field or create a new realm without those fields.

 

Rate if helps,

Yogesh

View solution in original post

0 Helpful
2 Replies 2

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎03-08-2018 10:06 AM

Hi There,

 

Do you mean the test AD join fails for realm but the user download does work properly?

It could just be because "AD join username and password" fields are configured which are supposed to be used for Kerberos and failing because its not there on AD.

You can safely ignore the error or remove the AD join username and password field or create a new realm without those fields.

 

Rate if helps,

Yogesh

0 Helpful

Go to solution
JMCNEL
Level 4
Level 4
In response to yogdhanu

‎03-08-2018 10:13 AM

I removed the username and password and it fixed the issue. Also I opened a TAC case and was told that the "test" but does not work - there is a bug on it.
0 Helpful
Review Cisco Networking for a $25 gift card
Top