
KB-1958: ipc socket errors preventing connection to domain controller

Centrify DirectAudit, Centrify DirectControl, Centrify Identity Service, Mac Edition

12 April,16 at 11:07 AM

Applies to: All versions of Centrify DirectControl
 
Problem:
 
The following messages are observed when Centrify's adclient (version 4.3.x) does not start. adinfo shows it is DOWN.
 
Jan 24 21:09:35 vlman3 adinfo[5612]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Jan 24 21:09:35 vlman3 adinfo[5612]: DEBUG util.except (IO) : ipc socket connect: No such file or directory (reference lrpc/ipcmessage.cpp:434 rc: 1)
Jan 24 21:09:35 vlman3 adinfo[5612]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Jan 24 21:09:37 vlman3 adinfo[5616]: DEBUG util.except (IO) : ipc socket connect: No such file or directory (reference lrpc/ipcmessage.cpp:434 rc: 1)
Jan 24 21:09:37 vlman3 adinfo[5616]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Jan 24 21:09:37 vlman3 adinfo[5616]: DEBUG util.except (IO) : ipc socket connect: No such file or directory (reference lrpc/ipcmessage.cpp:434 rc: 1)
Jan 24 21:09:37 vlman3 adinfo[5616]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
 

Cause:
 
This is not a Centrify issue. The problem was caused by a slow customer network and slow DNS servers.
 
From a network trace, it was observed that adclient had to wait for a very long time for a response from DNS servers. They were very slow to respond, resulting in the Centrify agent (adclient) going into a Down state. 
 

Workaround:
 
Edit the /etc/centrifydc/centrifydc.conf config file as root:

Set the following: 
  1. dns.forcetcp: true
    • This disables attempts over UDP, which cause further delays.
    • This configuration parameter specifies whether to allow Kerberos requests to use UDP, or to force all Kerberos requests to use TCP. 
  2. adclient.dns.cache.size: 100 
    • This configuration parameter specifies the maximum number of unique DNS requests that should be cached by the Centrify DirectControl Agent.
    • The value of this parameter should be approximately 10 times the number of unique domains in the forest.
    • For example, if there are eight unique domains in the Active Directory forest, it is suggested to allow the agent to cache up to 80 unique DNS requests.
    • When setting this value, consider the network bandwidth and activity, and local disk and memory availability. (Default value is 50.)
  3. dns.dc.... (to 2 DC) 
  4. dns.gc.... (to 2 GC)
    • The dns.dc and dns.gc parameters hardcode the server addresses so that the agent goes straight to the target DCs, bypassing slow DNS servers.
 
After saving the configuration file with the edits above, run the 'adreload' command to commit the changes and restart the Centrify agent.
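
To check a host's configuration against the workaround above, the following added example (not Centrify code and not part of the original article) parses text in the `key: value` layout of centrifydc.conf and reports which of the four settings are missing or too low. The domain and host names in the sample are placeholders, and the separator used between server names is an assumption.

```python
import re

# Constructed sample in the "key: value" layout of centrifydc.conf.
# The domain and host names are placeholders, not values from the article.
SAMPLE_CONF = """\
# centrifydc.conf (constructed sample)
dns.forcetcp: false
adclient.dns.cache.size: 50
dns.dc.example.test: dc1.example.test dc2.example.test
"""

def parse_conf(text):
    """Return {key: value} from 'key: value' lines, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit(text, unique_domains):
    """List the workaround settings from the article that are missing or too low."""
    conf = parse_conf(text)
    findings = []
    if conf.get("dns.forcetcp", "").lower() != "true":
        findings.append("dns.forcetcp is not true")
    wanted = 10 * unique_domains  # article's sizing rule: ~10x unique domains
    raw = conf.get("adclient.dns.cache.size", "50")  # 50 is the stated default
    size = int(raw) if raw.isdigit() else 0
    if size < wanted:
        findings.append(f"adclient.dns.cache.size is {size}, want >= {wanted}")
    for prefix, label in (("dns.dc.", "DC"), ("dns.gc.", "GC")):
        keys = [k for k in conf if k.startswith(prefix)]
        if not keys:
            findings.append(f"no {prefix}* entry (hardcoded {label} addresses)")
        for k in keys:
            # Assumption: servers are separated by whitespace or commas.
            servers = [s for s in re.split(r"[\s,]+", conf[k]) if s]
            if len(servers) < 2:
                findings.append(f"{k} lists {len(servers)} server(s), article uses 2")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, unique_domains=8):
        print("FINDING:", finding)
```

Run it against the contents of /etc/centrifydc/centrifydc.conf with the number of unique domains in the forest; an empty result means all four settings from the workaround are present.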
 
