Author Topic: Failed to join Active Directory Domain  (Read 22901 times)

nelsonm

  • Calf
  • *
  • Posts: 16
Failed to join Active Directory Domain
« on: May 14, 2009, 12:15:17 PM »
   

I have a recently purchased several Terastation Pro II Rackmounts with firmware 1.33 that fail to join my Windows 2003 Domain.

I followed the steps below and give the computer account I created delegation rights. However, whenever I run through the process the right is stripped away. I think the process itself creates a computer account without delegation rights which therefore causes the process to fail.


Any help would be appreciated it. These are the steps I followed:

 1. Basic tab of TeraStation (TS):
a. Set name
b. Date: set time zone (for me, GMT -5.00; Enable NTP, syncing to domain controller)
2. Network IP Address Properties – set fixed IP address. DNS server is the same as domain controller.
3. Created AD service account for TerraStation (Windows 2003, AD)
a. Password does not contain special characters
b. Account is a member of Administrators Group
5. DNS: created A and PTR records for the TS
6. Create a computer account for the TerraStation (have tried both default and as Windows 2000).
  a.Selected “Trust this computer for delegation to any service (Kerberos only).
7. Tried to join to Active Directory on the TS, get the following error:

Failed to join Active Directory Domain.
Please confirm the Active Directory Domain setting information, Administrator user name and password.

 

Message Edited by nelsonm on 05-14-2009 12:21 PM

SteveW

  • Calf
  • *
  • Posts: 2
Re: Failed to join Active Directory Domain
« Reply #1 on: May 15, 2009, 10:00:49 AM »
   

same issue with terrastation pro firmware 1.10.  was member of the ad but dropped off the ad.  tried to rejoin receiving same errors as above.


nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #2 on: May 19, 2009, 09:55:30 AM »
   Bump. Any clues? I have two Terastations just sitting there looking pretty.

davo

  • Really Big Bull
  • VIP
  • *
  • Posts: 6149
Re: Failed to join Active Directory Domain
« Reply #3 on: May 19, 2009, 10:24:11 AM »
   The Admin account needs to be the default admin account on your server with the username "Administrator" and not just a member in the admin group
Message Edited by davo on 05-19-2009 04:27 PM
PM me for TFTP / Boot Images / Recovery files  LSRecovery.exe file.
Having network issues? Drop me an email: info@interwebnetworks.com and we will get it fixed!

nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #4 on: May 19, 2009, 11:20:37 AM »
   

Davo,

I went ahead and tried that, no success.

These are the failures I see in the security event log:

 
Event Type:    Failure Audit
Event Source:    Security
Event Category:    Privilege Use
Event ID:    577
Date:        5/19/2009
Time:        12:13:26 PM
User:        DOMAIN\administrator
Computer:    DOMAINCONTROLLER
Description:
Privileged Service Called:
     Server:        Security Account Manager
     Service:        Security Account Manager
     Primary User Name:    DOMAINCONTROLLER$
     Primary Domain:    DOMAIN
     Primary Logon ID:    (0x0,0x3E7)
     Client User Name:    administrator
     Client Domain:    DOMAIN
     Client Logon ID:    (0x0,0x8F180D)
     Privileges:    SeMachineAccountPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


------------------------------------------------------------

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    675
Date:        5/19/2009
Time:        12:13:26 PM
User:        NT AUTHORITY\SYSTEM
Computer:    DOMAINCONTROLLER
Description:
Pre-authentication failed:
     User Name:    administrator
     User ID:        DOMAIN\administrator
     Service Name:    krbtgt/DOMAIN.DOMAIN.COM
     Pre-Authentication Type:    0x0
     Failure Code:    0x19
     Client Address:    192.168.0.3


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


------------------------------------------------------------

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    675
Date:        5/19/2009
Time:        12:13:26 PM
User:        NT AUTHORITY\SYSTEM
Computer:    DOMAIN CONTROLLER
Description:
Pre-authentication failed:
     User Name:    administrator
     User ID:        DOMAIN\administrator
     Service Name:    krbtgt/DOMAIN.DOMAIN.COM
     Pre-Authentication Type:    0x0
     Failure Code:    0x19
     Client Address:    192.168.0.3


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


davo

  • Really Big Bull
  • VIP
  • *
  • Posts: 6149
Re: Failed to join Active Directory Domain
« Reply #5 on: May 19, 2009, 11:26:14 AM »
   Are you sure it is not a child domain you are attemping to connect to? It is definately the primary domain and not sub domain of a larger domain tree?
PM me for TFTP / Boot Images / Recovery files  LSRecovery.exe file.
Having network issues? Drop me an email: info@interwebnetworks.com and we will get it fixed!

nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #6 on: May 19, 2009, 11:33:49 AM »
   

I am sure. This is a small environment with less than 100 nodes and only one domain with one DC. I replaced the domain name with domain.domain.com because it is something similar to alaska.burgerking.com but it is still the primary domain, just a longer domain name.

Message Edited by nelsonm on 05-19-2009 11:48 AM

nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #7 on: May 21, 2009, 11:41:17 AM »
   TTT

nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #8 on: June 15, 2009, 09:58:50 AM »
   

Anybody?

 


PCPiranha

  • Big Bull
  • *****
  • Posts: 2209
Re: Failed to join Active Directory Domain
« Reply #9 on: June 18, 2009, 04:42:34 PM »
Im sorry for the delayed response.  It appears that the domain authentication is failing at the kerberos step. Check to make sure the timezone is set correctly on the TS (for example, central time is GMT-5 because of DST, not GMT-6!). Your IP says you're in Florida, if this is correct you must use GMT -4 due to DST.  After the timezone is set correctly, make sure the time is within 5 minutes of the domain controller's time.

nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #10 on: June 23, 2009, 01:02:51 PM »
   

PCPiranha,

I was optimistic that the DST was causing the problem. But changing it to -4 did not work. The same errors came out. I have compiled the most comprehensive error report I could. Here are all the Teratstation Settings (I have renamed the domain and server for privacy)  and all the events log in reference to the terastation adding itself to the domain. Again, the terastation creates an account on active directory, but it still fails.

 

Here we go:

 

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    675
Date:        6/23/2009
Time:        1:49:01 PM
User:        NT AUTHORITY\SYSTEM
Computer:    domaindc
Description:
Pre-authentication failed:
     User Name:    terastation
     User ID:        domainname\terastation
     Service Name:    krbtgt/domainname.domain.com
     Pre-Authentication Type:    0x0
     Failure Code:    0x19
     Client Address:    192.168.0.3


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    672
Date:        6/23/2009
Time:        1:49:01 PM
User:        NT AUTHORITY\SYSTEM
Computer:    domaindc
Description:
Authentication Ticket Request:
     User Name:        terastation
     Supplied Realm Name:    domainname.domain.com
     User ID:            domainname\terastation
     Service Name:        krbtgt
     Service ID:        domainname\krbtgt
     Ticket Options:        0x40000010
     Result Code:        -
     Ticket Encryption Type:    0x17
     Pre-Authentication Type:    2
     Client Address:        192.168.0.3
     Certificate Issuer Name:   
     Certificate Serial Number:   
     Certificate Thumbprint:   


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:    Success Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    673
Date:        6/23/2009
Time:        1:49:01 PM
User:        NT AUTHORITY\SYSTEM
Computer:    domaindc
Description:
Service Ticket Request:
     User Name:        terastation@domainname.domain.com
     User Domain:        domainname.domain.com
     Service Name:        domaindc$
     Service ID:        domainname\domaindc$
     Ticket Options:        0x40800000
     Ticket Encryption Type:    0x17
     Client Address:        192.168.0.3
     Failure Code:        -
     Logon GUID:        {a8bf6479-6f4e-7804-6f9a-982e9e1ad9ec}
     Transited Services:    -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    576
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Special privileges assigned to new logon:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x4409FD0)
     Privileges:    SeSecurityPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeTakeOwnershipPrivilege
            SeSystemEnvironmentPrivilege
            SeLoadDriverPrivilege
            SeImpersonatePrivilege
            SeEnableDelegationPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    540
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Successful Network Logon:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x4409FD0)
     Logon Type:    3
     Logon Process:    Kerberos
     Authentication Package:    Kerberos
     Workstation Name:   
     Logon GUID:    {ac857bf4-c638-45b5-428f-b3fa7ec3c06c}
     Caller User Name:    -
     Caller Domain:    -
     Caller Logon ID:    -
     Caller Process ID: -
     Transited Services: -
     Source Network Address:    192.168.0.3
     Source Port:    2613


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    538
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
User Logoff:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x4409FD0)
     Logon Type:    3


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    576
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Special privileges assigned to new logon:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x440A004)
     Privileges:    SeSecurityPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeTakeOwnershipPrivilege
            SeSystemEnvironmentPrivilege
            SeLoadDriverPrivilege
            SeImpersonatePrivilege
            SeEnableDelegationPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    540
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Successful Network Logon:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x440A004)
     Logon Type:    3
     Logon Process:    Kerberos
     Authentication Package:    Kerberos
     Workstation Name:   
     Logon GUID:    {ac857bf4-c638-45b5-428f-b3fa7ec3c06c}
     Caller User Name:    -
     Caller Domain:    -
     Caller Logon ID:    -
     Caller Process ID: -
     Transited Services: -
     Source Network Address:    192.168.0.3
     Source Port:    2614


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    675
Date:        6/23/2009
Time:        1:49:01 PM
User:        NT AUTHORITY\SYSTEM
Computer:    domaindc
Description:
Pre-authentication failed:
     User Name:    terastation
     User ID:        domainname\terastation
     Service Name:    krbtgt/domainname.domain.com
     Pre-Authentication Type:    0x0
     Failure Code:    0x19
     Client Address:    192.168.0.3


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    672
Date:        6/23/2009
Time:        1:49:01 PM
User:        NT AUTHORITY\SYSTEM
Computer:    domaindc
Description:
Authentication Ticket Request:
     User Name:        terastation
     Supplied Realm Name:    domainname.domain.com
     User ID:            domainname\terastation
     Service Name:        krbtgt
     Service ID:        domainname\krbtgt
     Ticket Options:        0x40000010
     Result Code:        -
     Ticket Encryption Type:    0x17
     Pre-Authentication Type:    2
     Client Address:        192.168.0.3
     Certificate Issuer Name:   
     Certificate Serial Number:   
     Certificate Thumbprint:   


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    673
Date:        6/23/2009
Time:        1:49:01 PM
User:        NT AUTHORITY\SYSTEM
Computer:    domaindc
Description:
Service Ticket Request:
     User Name:        terastation@domainname.domain.com
     User Domain:        domainname.domain.com
     Service Name:        domaindc$
     Service ID:        domainname\domaindc$
     Ticket Options:        0x40800000
     Ticket Encryption Type:    0x17
     Client Address:        192.168.0.3
     Failure Code:        -
     Logon GUID:        {a8bf6479-6f4e-7804-6f9a-982e9e1ad9ec}
     Transited Services:    -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    576
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Special privileges assigned to new logon:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x440A038)
     Privileges:    SeSecurityPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeTakeOwnershipPrivilege
            SeSystemEnvironmentPrivilege
            SeLoadDriverPrivilege
            SeImpersonatePrivilege
            SeEnableDelegationPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    540
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Successful Network Logon:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x440A038)
     Logon Type:    3
     Logon Process:    Kerberos
     Authentication Package:    Kerberos
     Workstation Name:   
     Logon GUID:    {ac857bf4-c638-45b5-428f-b3fa7ec3c06c}
     Caller User Name:    -
     Caller Domain:    -
     Caller Logon ID:    -
     Caller Process ID: -
     Transited Services: -
     Source Network Address:    192.168.0.3
     Source Port:    0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #11 on: June 23, 2009, 01:03:11 PM »
   
Event Type:    Failure Audit
Event Source:    Security
Event Category:    Privilege Use
Event ID:    577
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Privileged Service Called:
     Server:        Security Account Manager
     Service:        Security Account Manager
     Primary User Name:    domaindc$
     Primary Domain:    domainname
     Primary Logon ID:    (0x0,0x3E7)
     Client User Name:    terastation
     Client Domain:    domainname
     Client Logon ID:    (0x0,0x440A038)
     Privileges:    SeMachineAccountPrivilege

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:    Success Audit
Event Source:    Security
Event Category:    Account Management
Event ID:    628
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
User Account password set:
     Target Account Name:    storage$
     Target Domain:    domainname
     Target Account ID:    domainname\storage$
     Caller User Name:    terastation
     Caller Domain:    domainname
     Caller Logon ID:    (0x0,0x440A038)


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:    Success Audit
Event Source:    Security
Event Category:    Account Management
Event ID:    646
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
Computer Account Changed:
     -
     Target Account Name:    storage$
     Target Domain:    domainname
     Target Account ID:    domainname\storage$
     Caller User Name:    terastation
     Caller Domain:    domainname
     Caller Logon ID:    (0x0,0x440A038)
     Privileges:    -
 Changed Attributes:
     Sam Account Name:    -
     Display Name:    -
     User Principal Name:    -
     Home Directory:    -
     Home Drive:    -
     Script Path:    -
     Profile Path:    -
     User Workstations:    -
     Password Last Set:    6/23/2009 1:49:01 PM
     Account Expires:    -
     Primary Group ID:    -
     AllowedToDelegateTo:    -
     Old UAC Value:    -
     New UAC Value:    -
     User Account Control:    -
     User Parameters:    -
     Sid History:    -
     Logon Hours:    -
     DNS Host Name:    -
     Service Principal Names:    -
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    538
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
User Logoff:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x440A038)
     Logon Type:    3


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:    Success Audit
Event Source:    Security
Event Category:    Logon/Logoff
Event ID:    538
Date:        6/23/2009
Time:        1:49:01 PM
User:        domainname\terastation
Computer:    domaindc
Description:
User Logoff:
     User Name:    terastation
     Domain:        domainname
     Logon ID:        (0x0,0x440A004)
     Logon Type:    3


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Dustrega

  • Big Bull
  • *****
  • Posts: 1394
Re: Failed to join Active Directory Domain
« Reply #12 on: June 24, 2009, 05:56:46 AM »
Have you attempted disabling the NTP server?

nelsonm

  • Calf
  • *
  • Posts: 16
Re: Failed to join Active Directory Domain
« Reply #13 on: June 24, 2009, 08:45:31 AM »
   

I have disabled NTP in the Basic Setup of the terastation and it still failed with the exact same problem.

 

Does anyone know why the joining process is recreating the computer account? It seems that this is where part of the problem lies as when it recreates it, it does not give it trusted delegation rights.


JoshC

  • Big Bull
  • *****
  • Posts: 1110
Re: Failed to join Active Directory Domain
« Reply #14 on: June 24, 2009, 02:59:18 PM »

Ive seen this problem occur a few times.  Run a Force Firmware procedure.  See if that helps. 

 

http://forums.buffalotech.com/buffalo/board/message?board.id=0101&thread.id=9309
Message Edited by JoshC on 06-24-2009 03:00 PM