Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Joining a network disk to domain
Joining a network disk to domain [message #332000] Tue, 01 December 2009 04:24 Go to next message
polilop  is currently offline polilop  Croatia
Messages: 43
Registered: October 2009
Member
I am trying to join a WD network disk (named :networkdisk1) to my domain
(server 2008) but i keep getting "Failed to join domain! [ERROR:Join ADS
failed]" on the network disk.
i found on the internet:
1) There must be a machine account for your device on your Domain
controller.
2) This machine account for the device must be flagged as trusted for
delegation,
3) Inside your DNS-server there must be the (A)Host entry for the device in
the Forward-Lookup-Zone and
4) inside your Reverse-Lookup-Zone there must be the PTR-Record.

1) I created a machine account
2) I flagged it as Trust this ..... to any service (Kerberos only) as i am
not familiar with the Trust this..... to specified services, is this
something i have to do differently?
3) done
4) done

Allso is there someway to see on the DC, in logs why the join failed, as the
network disk has a very small log info
(WD my book 1TB)
Re: Joining a network disk to domain [message #332013 is a reply to message #332000] Tue, 01 December 2009 04:46 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

polilop wrote:
> Allso is there someway to see on the DC, in logs why the join failed, as
> the network disk has a very small log info
> (WD my book 1TB)

If it was a machine, I'd check the machine's netlogon log file (after
enabling it). What does the event log say (you may have to check all DCs)?

How's the disk array supposed to connect to the domain? Does it support
kerberos?

Cheers,
Florian
Re: Joining a network disk to domain [message #332026 is a reply to message #332013] Tue, 01 December 2009 05:17 Go to previous messageGo to next message
polilop  is currently offline polilop  Croatia
Messages: 43
Registered: October 2009
Member
OK. I get this from the log:
Kerberos pre-authentication failed.

Account Information:
Security ID: *****\administrator
Account Name: Administrator

Service Information:
Service Name: krbtgt/****.*****

Network Information:
Client Address: 192.168.10.87
Client Port: 51491

Additional Information:
Ticket Options: 0x0
Failure Code: 0x25
Pre-Authentication Type: 2

Certificate Information:
Certificate Issuer Name: Certificate
Serial Number:
Certificate Thumbprint:Certificate information is only provided if a certificate was used for
pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in
RFC 4120.

If the ticket was malformed or damaged during transit and could not be
decrypted, then many fields in this event might not be present.

"Florian Frommherz [MVP]" <florian@frickelsoft.net> je napisao u poruci
interesnoj grupi:O5fKivncKHA.744@TK2MSFTNGP05.phx.gbl...
> Howdie!
>
> polilop wrote:
>> Allso is there someway to see on the DC, in logs why the join failed, as
>> the network disk has a very small log info
>> (WD my book 1TB)
>
> If it was a machine, I'd check the machine's netlogon log file (after
> enabling it). What does the event log say (you may have to check all DCs)?
>
> How's the disk array supposed to connect to the domain? Does it support
> kerberos?
>
> Cheers,
> Florian
Re: Joining a network disk to domain [message #332343 is a reply to message #332026] Tue, 01 December 2009 11:05 Go to previous message
florian  is currently offline florian  Germany
Messages: 484
Registered: July 2009
Senior Member
Howdie!

polilop schrieb:
> OK. I get this from the log:
> Kerberos pre-authentication failed.
>
> Account Information:
> Security ID: *****\administrator
> Account Name: Administrator
>
> Service Information:
> Service Name: krbtgt/****.*****
>
> Network Information:
> Client Address: 192.168.10.87
> Client Port: 51491
>
> Additional Information:
> Ticket Options: 0x0
> Failure Code: 0x25
> Pre-Authentication Type: 2

Okay - Failure Code 0x25 resolves to "Clock skew too great". In order to
aquire a ticket successfully, client and server need clocks to be "in
time" - they must not drift away more than five minutes.

I'd check the network disk if it has a web interface and configure date
& time and try the whole thing again.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.
Previous Topic:Help - Discover inactive account in AD
Next Topic:Monitoring
Goto Forum:
  


Current Time: Tue Jan 16 04:19:01 MST 2018

Total time taken to generate the page: 0.03380 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software