Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-10143: adcdiag shows "CLDINST" error when multiple DNS servers are set in /etc/resolv.conf

Centrify DirectControl ,  

13 April,18 at 12:02 AM

Problem:

When running the adcdiag script on a Linux/Unix server the following error is shown:


Check item #7: ErrorExit
        Please re-specify the trusted Identity Platform instance in the zone.
    SUGGESTIONS:
tform instance.
        Trusted Identity Platform instance is configured but no Centrify Connector is serving to this Identity Pla
    ERROR:
    INFO: Trusted Identity Platform instance set in zone: https://aaa1234.my.centrify.com:443/
    INFO: Can't discover any Centrify Connectors.
  Description: Verify that trusted Identity Platform instance is specified
Check item #7: CLDINST started


MFA works yet the script is failing, why and how to fix this?

Cause:

The adcdiag script uses ldap to make a search on the domain for available Centrify connectors. If the first DNS server in /etc/resolv.conf does not know about the domain controllers the query will fail. This is a limitation of ldapsearch - it relies on DNS. 


Resolution:

Add a valid DNS server as the first entry that have records to a Domain Controller.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.