Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-11937: Error when trying to join windows machine to zone

Privilege Elevation Service ,  

29 March,19 at 07:23 PM

Problem:

When trying to join a Windows machine to a zone, getting the below error.
 
Failed to Enable Service
Reason: Directory Object already exists.

User-added image


Cause:

It is very likely that the Windows machine had been previously been joined to the zone in question and the ServiceConnectionPoint (SCP) did not get cleaned up when the machine was initially removed from the zone.

Snippet from logs (C:\Program Files\Common Files\Centrify Shared\Logs\DirectAuthorizeAgent_<date>_<agentVersion>.txt) showing the error and the location of the SCP object that the error message is referencing.
 
[2019-03-21 11:56:19.185 -0500] Centrify.WinAgent.ServiceConfig.exe[9980,12] Verbose: DirectoryObject.HandleComException: The object already exists for LDAP://DC1.centrifyimage.vms/cn=win10cdc.centrifyimage.vms,CN=Computers,CN=Windows,CN=Global,CN=Zones,CN=Centrify,DC=centrifyimage,DC=vms: The object already exists.


Resolution:

Use ADSI Edit or Active Directory Users and Computers (ADUC) to browse to the location SCP object listed in the log file.

cn=win10cdc.centrifyimage.vms,CN=Computers,CN=Windows,CN=Global,CN=Zones,CN=Centrify,DC=centrifyimage,DC=vms
User-added image

Right-click on the object and choose 'Delete'.

Re-attempt to join the machine to the zone.


Note:

The following Knowledge Base article can be used to increase the logging level to VERBOSE, if only INFO level messages are being seen in the log file.

KB-11101-Enabling-debug-mode-of-Centrify-Privilege-Elevation-Service-Former-DirectAuthorize-for-Windows-without-opening-config-panel

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.