
KB-2837: adclient fails to start within given wait time when NTP is blocked on DC

Centrify DirectControl, Centrify Identity Service, Mac Edition

12 April,16 at 11:07 AM

Applies to: Centrify DirectControl 5.x 

Question:

adclient does not start properly and outputs the following:
 
The adjoin ended with these messages: 

Join to domain:vha.med.yourcompany.com, zone:Auto Zone successful 
Starting daemon 

Centrify DirectControl started. 
Waiting for adclient to startup ...... 

Error: Failed to start adclient within given wait time (in seconds) - 60 
Could not communicate with adclient. 
Initializing cache 
Exception during cache load ipc socket connect: No such file or directory
 


From the log files:
 
Feb 7 18:24:49 vhacdwsas11 adinfo[10673]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory 
Feb 7 18:24:49 vhacdwsas11 adinfo[10673]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory 
Feb 7 18:24:50 vhacdwsas11 adclient[5099]: INFO <main> network.state The following services appear to be blocked for DC vhacpt3dc1.vha.med.yourcompany.com: NTP
 


There is a core file in /var/centrifydc with the timestamp around the time adjoin finished. 

It is true that NTP has been blocked, but why do the messages not mention anything about a Kerberos clock skew?


Answer:

In this instance, NTP is not being used from Windows. When the agent tries the blocked NTP port, it fails to create the lrpc socket (/var/centrifydc/daemon, daemon2).

Since NTP is not coming from a Windows DC, the following parameter should be set in /etc/centrifydc/centrifydc.conf:
  • adclient.sntp.enabled: false 

After setting the parameter and saving the config file, restart the agent by running the following as root:
  • adreload
  • /usr/share/centrifydc/bin/centrifydc restart
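
A way to check a host for this condition, as an added example that is not Centrify's code: the script looks for the blocked-NTP message shown in the log excerpt above and reports whether adclient.sntp.enabled is set to false in a config file. The function names, the "#" comment syntax, the last-occurrence rule for a repeated key and the third sample log line are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Sample data is built from the page's excerpts.

# Print each DC for which adclient logged NTP among the blocked services.
# Assumption: the service list follows "<DC name>: " as in the page's log line.
blocked_ntp_dcs() {
    awk -F'blocked for DC ' '/network\.state The following services appear to be blocked for DC / {
        split($2, part, ": ")
        if (part[2] ~ /(^|[ ,])NTP([ ,]|$)/) print part[1]
    }' "$1" | sort -u
}

# Print the adclient.sntp.enabled value from a config file, or "unset".
# Assumptions: "key: value" lines, "#" starts a comment, last occurrence is used.
sntp_setting() {
    awk -F: '/^[ \t]*adclient\.sntp\.enabled[ \t]*:/ {
        v = $2; gsub(/[ \t\r]/, "", v); val = tolower(v)
    } END { print (val == "" ? "unset" : val) }' "$1"
}

# Combine both checks: does the log show the blocked-NTP message, and has the
# page's setting been applied?
diagnose() {
    if [ -z "$(blocked_ntp_dcs "$1")" ]; then echo "no-ntp-block-logged"
    elif [ "$(sntp_setting "$2")" = "false" ]; then echo "fix-applied"
    else echo "set-sntp-false"
    fi
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
SAMPLE_LOG="$tmp/messages"; SAMPLE_CONF="$tmp/centrifydc.conf"
# First two lines are from the page; the third is constructed (hypothetical DC and service).
cat > "$SAMPLE_LOG" <<'EOF'
Feb 7 18:24:49 vhacdwsas11 adinfo[10673]: INFO lrpc.session process authentication request failed: ipc socket connect: No such file or directory
Feb 7 18:24:50 vhacdwsas11 adclient[5099]: INFO <main> network.state The following services appear to be blocked for DC vhacpt3dc1.vha.med.yourcompany.com: NTP
Feb 7 18:24:51 vhacdwsas11 adclient[5099]: INFO <main> network.state The following services appear to be blocked for DC dc2.example.com: OTHER
EOF
# Constructed config: the fix is present only as a comment, so it is not in effect.
printf '%s\n' '# adclient.sntp.enabled: false' 'adclient.sntp.enabled: true' > "$SAMPLE_CONF"

echo "DCs with NTP blocked: $(blocked_ntp_dcs "$SAMPLE_LOG")"
echo "adclient.sntp.enabled: $(sntp_setting "$SAMPLE_CONF")"
echo "result: $(diagnose "$SAMPLE_LOG" "$SAMPLE_CONF")"
```

On a real host, pass the system log file and /etc/centrifydc/centrifydc.conf to diagnose in place of the sample files.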

Note:
