Centrify DirectControl, Centrify Identity Service, Mac Edition, Centrify DirectAudit
KB-1579: adjoin failed with "(kerberos) Authentication error" after authoritative restore on windows server 2008
Applies to: All versions of DirectControl with Windows 2008 domain
Join of Unix, Linux or Mac machines to a Windows 2008 domain using adjoin fails and running adjoin in verbose option shows the error as follows:
Update account control. This requires computer object update rights... Update account control information succeeded Update OS information. This requires computer object update rights... Update OS information succeeded Setting machine password... Using computer account to change password (kerberos) Authentication error
due to unexpected configuration or network error.
This may happen in AD environments where an authoritative restore of krbtgt was done. This causes the kpasswd protocol to fail with KDC_ERR_S_PRINCIPAL_UNKNOWN error which prevents join of Unix or Mac machines to the domain.