Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-24225: In Centrify Infrastructure Services 19.6 adclient.cloud.connector fails to use the specified connector

Authentication Service ,  

18 December,19 at 05:21 PM

Problem: In version 19.6 (5.6.0) of Centrify Infrastructure Services, there are improvements to the configuration option adclient.cloud.connector. In some situations this option is set, yet adclient fails to locate and use the wanted connector.

    Cause: Some 'keywords' attributes are missing or not valid from the service connection point of the connector. 

    Resolution: 
    Open ADSI edit, locate the connector SCP object and confirm that the following keywords are in the attributes of this object with valid values. You can also run the following command as root on the machine having the issue to pull the list of SCP objects of the connectors from AD:

    /usr/share/centrifydc/bin/ldapsearch -m -r "(&(objectClass=serviceConnectionPoint)(cn=proxy))"

    User-added image

    If the following keywords are missing or do not have valid values follow the steps below to correct the issue:
    • "centrify.mobile.proxyUri"
    • "centrify.core.webproxy"
    • "centrify.core.cloudurl"
    • "centrify.mobile.proxySysId"

    1a) If the connector is running with the default LocalSystem account, use the ADSI Edit tool to check the effective access granted to the machine account over the connectors SCP object and fix the permissions if needed. By default this is "Full Control".
    1b) If the connector is running with a service account, use the ADSI Edit tool to check the effective access granted to the account over the connectors SCP object and fix the permissions if needed. At a minimum the permissions should allow the service account to update the attributes of the object. 
    2) Restart the connector after fixing the permission issue and confirm the keyword attributes now show up correctly.

    Related Articles

     articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleCentrify 19.6 Release Notes articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleCentrify 18.5 Release Notes articleCentrify 20.5 Release Notes articleCentrify 20.3 Release Notes articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleCentrify 18.3 Release Notes articleCentrify 20.1 Release Notes