Applies to: Centrify DirectControl 5.x
Question: adclient does not start properly and outputs the following:
The adjoin ended with these messages:
Join to domain:vha.med.yourcompany.com, zone:Auto Zone successful
Starting daemon
Centrify DirectControl started.
Waiting for adclient to startup ......
Error: Failed to start adclient within given wait time (in seconds) - 60
Could not communicate with adclient.
Initializing cache
Exception during cache load ipc socket connect: No such file or directory
From the log files:
Feb 7 18:24:49 vhacdwsas11 adinfo[10673]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Feb 7 18:24:49 vhacdwsas11 adinfo[10673]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Feb 7 18:24:50 vhacdwsas11 adclient[5099]: INFO <main> network.state The following services appear to be blocked for DC vhacpt3dc1.vha.med.yourcompany.com: NTP
There is a core file in /var/centrifydc with a timestamp around the time adjoin finished.
It is true that NTP has been blocked, but why do the messages not mention anything about a Kerberos clock skew?
Answer: In this instance, NTP is not being used from Windows. When the agent tries the blocked NTP port, it fails to create the lrpc socket (/var/centrifydc/daemon, daemon2).
Since NTP is not coming from a Windows DC, the following should be set in /etc/centrifydc/centrifydc.conf:
- adclient.sntp.enabled: false
After setting the parameter and saving the config file, restart the agent by running the following as root:
- adreload
- /usr/share/centrifydc/bin/centrifydc restart
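To confirm that a host matches this case before and after the change, the check below looks for the NTP-blocked message from adclient in a log file and compares it with adclient.sntp.enabled in a conf file. It is an added example, not Centrify tooling: the function names and sample conf files are constructed, and it assumes a blocked-service list separated by commas or spaces.

```shell
#!/bin/sh
# Added example. Function names and the conf files below are constructed.

# List "DC service" pairs that adclient reported as blocked in a log file.
# Assumption: multiple services would be separated by commas and/or spaces.
blocked_services() {  # $1 = log file
    sed -n 's/.*network\.state The following services appear to be blocked for DC \([^:]*\): *\(.*\)$/\1 \2/p' "$1" |
    while read -r dc services; do
        for s in $(printf '%s' "$services" | tr ',' ' '); do
            printf '%s %s\n' "$dc" "$s"
        done
    done | sort -u
}

# Print the value of an uncommented "key: value" line, or "unset" if absent.
# If the key is repeated, the last uncommented line is the one reported.
conf_value() {  # $1 = conf file, $2 = key
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    v=$(sed -n "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${v:-unset}"
}

# Return 1 when the log shows NTP blocked but SNTP has not been disabled.
diagnose() {  # $1 = log file, $2 = conf file
    sntp=$(conf_value "$2" adclient.sntp.enabled)
    if blocked_services "$1" | grep -q ' NTP$' && [ "$sntp" != "false" ]; then
        echo "MISMATCH: NTP blocked for DC, adclient.sntp.enabled=$sntp"
        return 1
    fi
    echo "OK: adclient.sntp.enabled=$sntp"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Log lines copied from the article; conf contents are constructed samples.
cat > "$tmp/messages" <<'EOF'
Feb 7 18:24:49 vhacdwsas11 adinfo[10673]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Feb 7 18:24:50 vhacdwsas11 adclient[5099]: INFO <main> network.state The following services appear to be blocked for DC vhacpt3dc1.vha.med.yourcompany.com: NTP
EOF
printf '# adclient.sntp.enabled: true\n' > "$tmp/before.conf"
printf 'adclient.sntp.enabled: false\n' > "$tmp/after.conf"

diagnose "$tmp/messages" "$tmp/before.conf" || true
diagnose "$tmp/messages" "$tmp/after.conf"
```

On a real host, point diagnose at the system log file and /etc/centrifydc/centrifydc.conf; a commented-out setting is reported as "unset" and still flagged.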
Note: