Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4894: How to suppress "base.zonehier Failed to extend object" message in centrifydc.log

Authentication Service ,  

12 April,16 at 11:13 AM

Applies to: Centrify for DirectControl version 5.2.0 or below on all Unix/Linux platform

Question:

The following warning message is logged on Centrify-Enabled machines:

adclient[13722]: WARN <fd:27 CAPILdapFetch > base.zonehier Failed to extend object for CN=xxxxx,OU=xxxx,DC=xxx,DC=xx

The computer "xxxxx" is a collector:

May 14 10:45:24 localhost adclient[15105]: DEBUG <fd:10 CAPILdapPagedSearchGetNext > lrpc.adobject new object: CN=Vegas-Service-b347dda4-f507-4f10-ad8e-212fc9059eef,CN=xxxxx,OU=xxxx,DC=xxx,DC=xx

Is there any way to suppress or lower the level of this warning message?

Answer:

The reason of this warning message is that the AD object adclient tried to search doesn't have a dNSHostName attribute. It was thus taken as an LDAPException and throw it to outer catch, then the outer catch blocks the message as WARN and writes it into the log file. 

There is no workaround before Suite 2014 (or Centrify DirectControl version 5.2.0), but these WARN messages can be safely ignored.

In Suite 2014, when the LDAP fetched an AD object that has no dNSHostName attribute, it will be logged as a DIAG message instead of WARN message. The DIAG message will look like:

[root@rhel61x64v1 ~]# tail -f /var/log/centrifydc.log | grep -i dnshostname
Nov 23 13:29:16 rhel61x64v1 adclient[8625]: DIAG  <fd:24 CAPILdapFetch > base.schema.cdc Computer CN=WIN2012_FANY,OU=Domain Controllers,DC=echo,DC=test does not have dNSHostName attribute, skip searching for computer extension (returning NULL)!
Nov 23 13:29:16 rhel61x64v1 adclient[8625]: DIAG  <fd:24 CAPILdapFetch > base.schema.cdc Computer CN=WIN2012_FANY,OU=Domain Controllers,DC=echo,DC=test does not have dNSHostName attribute, skip searching for computer extension (returning NULL)!

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-2528: base.zonehier Failed to extend object articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-2233: How to change log level? articleKB-1745: How to configure time synchronization when using Solaris Zones.