Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-11937: Error when trying to join windows machine to zone

Privilege Elevation Service ,  

29 March,19 at 07:23 PM

Problem:

When trying to join a Windows machine to a zone, getting the below error.
 
Failed to Enable Service
Reason: Directory Object already exists.

User-added image


Cause:

It is very likely that the Windows machine had been previously been joined to the zone in question and the ServiceConnectionPoint (SCP) did not get cleaned up when the machine was initially removed from the zone.

Snippet from logs (C:\Program Files\Common Files\Centrify Shared\Logs\DirectAuthorizeAgent_<date>_<agentVersion>.txt) showing the error and the location of the SCP object that the error message is referencing.
 
[2019-03-21 11:56:19.185 -0500] Centrify.WinAgent.ServiceConfig.exe[9980,12] Verbose: DirectoryObject.HandleComException: The object already exists for LDAP://DC1.centrifyimage.vms/cn=win10cdc.centrifyimage.vms,CN=Computers,CN=Windows,CN=Global,CN=Zones,CN=Centrify,DC=centrifyimage,DC=vms: The object already exists.


Resolution:

Use ADSI Edit or Active Directory Users and Computers (ADUC) to browse to the location SCP object listed in the log file.

cn=win10cdc.centrifyimage.vms,CN=Computers,CN=Windows,CN=Global,CN=Zones,CN=Centrify,DC=centrifyimage,DC=vms
User-added image

Right-click on the object and choose 'Delete'.

Re-attempt to join the machine to the zone.


Note:

The following Knowledge Base article can be used to increase the logging level to VERBOSE, if only INFO level messages are being seen in the log file.

KB-11101-Enabling-debug-mode-of-Centrify-Privilege-Elevation-Service-Former-DirectAuthorize-for-Windows-without-opening-config-panel

Related Articles

 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6041: How to show current license type in use by adclient articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-17161: Preparing for the Tenant URL Change to centrify.net article[Labs] Setting-up an AWS Test Lab for Centrify articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-1867: Self-serve join fails with "Warning: Insufficient permission to update Security Descriptor of Computer Object"