Error in joining Active Directory

John
Level 1

Failure: Error while fetching Kerberos Tickets from server 'x.x.x.x' :
kinit: krb5_get_init_creds: Client (wsa-dcb$@XXX.COM) unknown

Failure: Queries to server 'x.x.x.x' on port 389 failed :
Server doesn't accept anonymous queries

Accepted Solution

Tao Yang
Cisco Employee

Please ensure your WSA can reach your configured DC's port 389, and also ensure your WSA hostname has a valid DNS A record in your internal DNS server.

8 Replies

kermia amar
Level 1

Please, how can I ensure that my WSA can reach the configured DC's port 389?

Best regards

Hi,

You can use the 'telnet' test from the WSA CLI: issue the 'telnet' command, select the M1 interface, enter your DC address and port 389, and make sure it can connect.

You can also take a packet capture from the WSA to the DC while you run the test authentication (where you get the error message from), then filter the capture on port 389 to see the packet exchange.

Regards

Handy Putra

Hi Handy,

I have already tested Telnet from the WSA to AD, but unfortunately it does not work; I cannot Telnet to AD from the WSA on port 389 or any other port.

Please see the error below:

ALGWSAPXYMGT01> telnet

Please select which interface you want to telnet from.
1. Auto
2. Failover Group 1 (10.111.66.19/24: ALGWSAPXY)
3. Failover Group 2 (10.111.66.20/24: ALGWSAPXY.)
4. Management (10.111.48.62/24: ALGWSAPXYMGT01.)
5. P1 (10.111.66.21/24: ALGWSAPXYINT01.)
6. P2 (10.111.67.21/24: ALGWSAPXY01.)
[1]> 4

Enter the remote hostname or IP address.
[]> 10.111.106.12

Enter the remote port.
[23]> 389

Trying 10.111.106.12...
Connected to 10.111.106.12.
Escape character is '^]'.
Connection closed by foreign host.

Hi Handy,

Also, please see the error message on my WSA when I run a test:

Cisco Web Security Appliance S390 (10.115.48.63) - Network > Identification Services > Authentication

Attempting to fetch AD group information...
Failure: Exception on query to server '10.115.106.11', port 389 failed :
Exception('Inquiry timed out: auth failed: invalid credentials',)
Test completed: Errors occurred, see details above.

Attempting to get TGT...
Failure: Error while fetching Kerberos Tickets from server '10.115.106.11' :
kinit: krb5_get_init_creds: Client (SKDWSAPXYMGT02$@CORP.ATELAT.DZ) unknown

Hi,

From your telnet output, the connection to your DC on port 389 actually connected:

Enter the remote port.
[23]> 389

Trying 10.111.106.12...
Connected to 10.111.106.12.

However, from your error message, it is having issues getting the Kerberos ticket from your 10.115.106.11 server (the telnet test that you performed was to 10.111.106.12).

And it is complaining that the credential is not correct:

kinit: krb5_get_init_creds: Client (SKDWSAPXYMGT02$@CORP.ATELAT.DZ) unknown

Please check the AD account that you are using when joining the WSA to the domain; make sure you are using an administrator account or an account that has the privilege to create objects in the AD server.

I would recommend opening a TAC case if you need further in-depth assistance.

Regards

Handy Putra
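Added example (editor's code, not from the thread participants or Cisco): a small triage script for the two checks discussed above, the CLI telnet reachability test and the authentication test output. It pulls the server IPs out of the test output and out of the telnet transcript and flags when they differ, which is the point Handy Putra makes above (telnet went to 10.111.106.12, the test talked to 10.115.106.11). It also classifies the error lines: the Heimdal kinit wording "Client (...) unknown" is read here as KDC_ERR_C_PRINCIPAL_UNKNOWN, i.e. the KDC has no account for that computer principal in that realm, which is why Tao Yang's hostname/DNS advice is relevant; that interpretation is the editor's, not stated in the thread. The sample lines are constructed copies of the output pasted in this thread; `tcp_reachable` is a stand-in for the WSA CLI telnet check and the `expected_hostname` parameter is a hypothetical input for comparing the principal with the appliance hostname.

```python
"""Triage the WSA 'Network > Identification Services > Authentication' test
output (added example, not Cisco code).  Extracts which server(s) the test
actually talked to, which host the CLI telnet test reached, and classifies
the error lines quoted in this thread.
"""
import re
import socket
from typing import Dict, List, Optional, Set

# Constructed copies of the lines pasted above in the thread.
SAMPLE_TEST_OUTPUT = """\
Attempting to get TGT...
Failure: Error while fetching Kerberos Tickets from server '10.115.106.11' :
kinit: krb5_get_init_creds: Client (SKDWSAPXYMGT02$@CORP.ATELAT.DZ) unknown
Attempting to fetch AD group information...
Failure: Exception on query to server '10.115.106.11', port 389 failed :
Exception('Inquiry timed out: auth failed: invalid credentials',)
Test completed: Errors occurred, see details above.
"""

SAMPLE_TELNET_OUTPUT = """\
Trying 10.111.106.12...
Connected to 10.111.106.12.
Escape character is '^]'.
Connection closed by foreign host.
"""

_IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Both failure lines name the DC as "... server '<ip>'".
_SERVER_RE = re.compile(r"server '" + _IPV4 + "'")
# Heimdal kinit wording for KDC_ERR_C_PRINCIPAL_UNKNOWN (editor's reading):
# group 1 is the computer account (hostname$), group 2 the Kerberos realm.
_UNKNOWN_CLIENT_RE = re.compile(
    r"kinit: krb5_get_init_creds: Client \(([^@)]+)@([^)]+)\) unknown")
_TELNET_OK_RE = re.compile(r"^Connected to " + _IPV4 + r"\.", re.MULTILINE)


def servers_in_test(test_output: str) -> Set[str]:
    """IPs the WSA authentication test actually contacted."""
    return set(_SERVER_RE.findall(test_output))


def telnet_targets(telnet_output: str) -> Set[str]:
    """IPs to which the CLI 'telnet' test reported 'Connected to'."""
    return set(_TELNET_OK_RE.findall(telnet_output))


def diagnose(test_output: str, telnet_output: str = "",
             expected_hostname: Optional[str] = None) -> Dict[str, object]:
    """Return the parsed facts plus an ordered list of finding codes."""
    findings: List[str] = []
    principal = realm = None

    m = _UNKNOWN_CLIENT_RE.search(test_output)
    if m:
        principal, realm = m.group(1), m.group(2)
        # The KDC has no account for this principal in this realm: either the
        # join never created <host>$ or the WSA hostname/realm do not match
        # what AD holds.  This is not a wrong-password error.
        findings.append("KRB_PRINCIPAL_UNKNOWN")
        # expected_hostname is a hypothetical input: the appliance's own name.
        if expected_hostname and principal.rstrip("$").lower() != expected_hostname.lower():
            findings.append("HOSTNAME_MISMATCH")

    if "invalid credentials" in test_output:
        findings.append("LDAP_INVALID_CREDENTIALS")  # LDAP bind was rejected
    if "doesn't accept anonymous queries" in test_output:
        findings.append("LDAP_ANONYMOUS_REFUSED")   # DC requires a bind

    tested = servers_in_test(test_output)
    reached = telnet_targets(telnet_output)
    if tested and reached and not tested & reached:
        # The thread's gotcha: telnet proved reachability to a host that the
        # authentication test never talked to.
        findings.append("TELNET_TARGET_MISMATCH")

    return {"principal": principal, "realm": realm,
            "servers_tested": sorted(tested), "telnet_reached": sorted(reached),
            "findings": findings}


def tcp_reachable(host: str, port: int = 389, timeout: float = 3.0) -> bool:
    """Stand-in for the WSA CLI telnet check: does a TCP handshake to
    host:port complete?  Refused, filtered and timed-out all return False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_TEST_OUTPUT, SAMPLE_TELNET_OUTPUT).items():
        print(f"{key}: {value}")
```

Run it against a fresh paste of the test output and the telnet transcript; if `servers_tested` and `telnet_reached` do not overlap, repeat the telnet check against every IP in `servers_tested` before chasing the Kerberos or LDAP errors, and compare `principal` with the appliance hostname and `realm` with the configured AD domain.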

If you're not on 10.5.2, make sure you haven't turned off SMB1. Up until that version, the WSA still required SMB1

Yes, I'm not on 10.5.2, and I cannot check whether SMB1 is turned off or not; let me do a system upgrade and get back to you.

Thanks

Best Regards

A.kermia