Applies to: All version of Centrify DirectAudit
dainfo - -diag shows dad is offline with error message: Failed to establish GSS/Kerberos context
Establishing connection with dad: Success
Getting dad's online status: Offline
Getting dad's current collector:
Getting dad's offline db size: 0.00 Bytes
Getting offline database information:
Size on disk: 16.00 KB
Database filesystem usage: 3.69 GB used, 8.50 GB total, 4.80 GB free
Machine is Joined to test.net
Pinging adclient: Available
Zone is enabled for auditing
Located collector information from test.net/Program Data/Centrify/Zones/test:
Attempting to connect to collectors:
Host: CDA001.test.net Port: 4444 - Error: Failed to establish GSS/Kerberos
Direct Audit is NOT enabled on the following:
Kerberos authentication is not possible for services without properly set Service Principal Names (SPNs). SPN is registered in Active Directory under a user account as an attribute called Service-Principal-Name. In the other words, setting improper account to run DirectAudit Collector service will cause this issue.
You can identify the logon account for DirectAudit Collector service by following steps.
If it is set to use “Local System Account”, it should be fine. Please contact Centrify support for further investigation.
- Go to Administrative tools -> Service.
- Search “Centrify DirectAudit Collector”, Right-click and select Properties.
- Go to Log on tab, you should see the logon account name.
If it is configure to use service account or AD user account, please check the account is valid and password does not expire.