Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1879: Adjoin fails due to "unexpected RPC Error"

Centrify DirectControl ,  

12 April,16 at 11:02 AM

Applies to: All versions of Centrify DirectControl

Question:
The command adjoin is failing when joining a server to AD. In the adjoin command, the -c flag (container) is not being specified as the server will be joined to the default container.

 Extract from debug log:

Jan 13 16:48:41 aixdev2 auth|security:debug adjoin[4194444]: DEBUG cli.adjoin Unexpected RPC Error(rc=0xc0000022): Access Denied
Jan 13 16:48:41 aixdev2 auth|security:debug adjoin[4194444]: DEBUG cli.adjoin  due to unexpected configuration or network error.

Answer:
The "RPC Error (rc=0xc0000022): Access Denied" means the user in question does not have sufficient rights to join the computer to the domain’s default Computers container.  

From the man pages of adjoin; Please use the -c flag in the adjoin command and specify the correct container or OU where the user has rights or make sure the user has rights to join servers in the default Computers container.

-c, --container containerDN 

The containerDN specifies the distinguished name (DN) of the container or Organizational Unit in which to place this computer account.  You can specify the containerDN by: 

- Canonical name (ajax.org/unix/services). Cannot specify a partial name for the canonical name. 
- Fully distinguished name (cn=services, cn=unix,dc= ajax,dc=org) 
- Relative distinguished name without the domain suffix(cn=services,cn=unix) 

If a container is not specified, the computer account is created in the domain’s default Computers container. 

Note that the container specified must already exist in Active Directory or the join operation will fail. The user must also have appropriate permissions to add entries to the specified container. 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.