Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2546: Adjoin failed with "RPC Error(rc=0xc0000022): Access Denied"

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:13 AM

Applies to:

Centrify DirectControl version 4.4.4 on all platforms

Problem:

On DirectControl 4.4.4, using adjoin -c specifying a specific container fails with:

RPC Error(rc=0xc0000022): Access Denied

This works on all other releases.

Example:
adjoin -V -u ian -c iltest.net/Servers/Unix -z linux iltest.net
.
.
.
Using RPC to create the computer account
Unexpected RPC Error(rc=0xc0000022): Access Denied
due to unexpected configuration or network error.
Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.
Join to domain 'iltest.net', zone 'linux' failed. 

Cause:

Except for version 4.4.4, using adjoin with a specified container, will switch to ldap to create the computer object (instead of SMB). 
But in the 4.4.4 release, this was refactored to disregard this consideration. 
Instead, it creates the computer object in the default container and then move it to target destination. 
However, if the user does not have permission to create objects in the default container - adjoin will fail with "Access Denied".

Resolution:

Use adjoin -l to force creating computer objects through ldap

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.