Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2921: adjoining with the self-serve flag fails with "Preauth" error messages in logs

Authentication Service ,  

12 April,16 at 11:38 AM

Applies to: All versions of Centrify DirectControl 
When using adjoin with the self-serve flag (-S), the operation fails with the following messages in the debug log:
13:00:32 wdc-ctfapp02tst adjoin[1962]: DEBUG base.kerberos.keytab GetSaltFromKDC returns:
Jan 25 13:00:32 wdc-ctfapp02tst adjoin[1962]: DIAG  base.aduser Calculated salt was correct, bad password
Jan 25 13:00:32 wdc-ctfapp02tst adjoin[1962]: DIAG  base.aduser Error: get creds: Preauthentication failed for user wdc-ctfapp02tst$ (enctype: AES-256 CTS mode with 96-bit SHA-1 HMAC)
Jan 25 13:00:32 wdc-ctfapp02tst adjoin[1962]: DEBUG base.osutil Module=Kerberos : get creds: Preauthentication failed (reference base/adbind.cpp:393 rc: -1765328360)
Jan 25 13:00:32 wdc-ctfapp02tst adjoin[1962]: DEBUG base.osutil Module=Base : bad password (reference base/adbind.cpp:641 rc: 1030)
Jan 25 13:00:33 wdc-ctfapp02tst adjoin[1962]: DEBUG cli.adjoin Error: Invalid user or password
Syntax of adjoin:
  /usr/share/centrifydc/libexec/adjoin -S -V
The environment uses dis-jointed DNS and so the -n flag was also attempted with the same results. 
Replication was ruled out when using the -s flag. Pre-creation of computer object was successful using DirectManage Access Manager. 
What could be the reason for the error messages?
In the event of pre-authentication failure, please follow the below steps.
1) After pre-creation of the computer object on ADUC (dsa.msc), right-click on the computer entry and do a reset.
See the following link which shows the steps:
2) Wait for the replication to complete.
3) Attempt a self serve join again using -S and it should now work.