07-10-2017 07:06 AM
Hello,
We have very recently purchased two Cisco Ironport S390 WSA's, to replace two existing S170's.
The S170's have done us a good job (albeit very slowly) for 3 years (and S160's three years before that).
With these new S390's we are configuring them in the same fashion as always, by using Active Directory to authenticate our users. But this is where we are having problems.
When we add the new 'Realm' (under Network...Authentication), we put the correct details in for our Active Directory environment and click 'Join Domain', we get an error:
"
Computer Account creation failed.
Error: Internal error while updating the Kerberos configuration file.
"
Both of our existing S170's work fine with this setup.
What we have tried:
We are really struggling to get this to work. At the moment, we are still waiting for our Cisco software support contract to come through, but as we are eager to get these new WSA's rolled out, we were hoping someone may have already encountered this issue, or have any suggestions?
Thank you.
Best Regards,
Elliot
07-10-2017 09:44 AM
Update:
Tried flattening the network config, so the WSA only uses one NIC (the M1 port) for all services, which also means only 1 routing table/gateway.
Still fails with the same error.
07-11-2017 09:05 AM
Early days, but for those who may encounter the same issue in the future...
It appears we have resolved the issue by downgrading to AsyncOS 9 first, joining to the Windows domain, then upgrading to 10.x.
When you enter authentication settings on the WSA, the domain appears to be 'unjoined' (even though the computer object still appears in AD), but re-joining goes through fine.
07-10-2017 10:05 AM
Did you turn off SMB1 after the Wannacry mess? if so, try turning it back on.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide