Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1516: adjoin -k fails to join a domain whose domain and forest functional levels are Windows Server 2008

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

12 April,16 at 11:45 AM

Applies to: All versions of Centrify DirectControl for UNIX/Linux

 

Problem:

 

adjoin with option "-k" fails to join a domain whose domain and forest functional levels are Windows Server 2008. Running it yields the following error message:

 

bash-3.00# adjoin -p pass,123 -k server.test
Using writable domain controller: win-nqe8dmvosvd.server.test
Error: Invalid user or password

Join to domain 'server.test', zone 'default' failed.

 

Cause:

 

[root@rhel3 root]# adjoin --help | grep des
  -k, --des                use DES key only

 

-k means to use DES encryption during the adjoin operation; DES encryption is no longer supported by Windows 2008 domains by default.

 

Resolution:

 

One can manually enable DES on the domain by setting the following group policy:

 

Under Computer Configuration/Windows Settings/Local Policies/Security Options/Network Security:

i. Configure available encryption types for Kerberos
ii. Enable All but "Future Encryption Types"
iii. Reboot Domain Controller.

Please refer to this Microsoft post for more information:

http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/ecf15eb9-26cf-483b-b1e3-1b1c7e4901e8

(Link provided as a courtesy)

Related Articles

 No related Articles