ID | Project | Category | View Status | Date Submitted | Last Update
0002767 | Endian Firewall | Installation | public | 2010-03-12 12:55 | 2010-11-22 12:08
Reporter | bertusfloor
Assigned To | simon-endian
Priority | normal | Severity | major | Reproducibility | always
Status | closed | Resolution | fixed
Product Version | 2.3
Fixed in Version | 2.4.1
Summary | 0002767: Endian Firewall 2.3 Failed to join domain when connecting to Active Directory (NTLM) Server 2008
Description | I have tried connecting to Active Directory on a client Endian Firewall 2.3 and also at our office on a fresh install of Endian Firewall 2.3. We have never been able to connect. Tried various things; this is how it is now: Proxy\http\authentication - selected windows active directory (ntlm), then authentication realm = wit.local, under domainname = wit.local, PDC = SBS2008, PDC ip = 10.0.0.2. Clicked Join, entered admin username + password, then I get the error: Failed to join domain.
Additional Information | Added host and hostname under network\edit hosts\add a host. Made sure the timeserver is matching domain time.
(0004028) baldy (reporter) 2010-03-12 17:22 edited on: 2010-03-12 17:26

Hi Bertus,

I have been able to successfully join Endian 2.3 to my SBS2008 server domain. On your SBS server please check your Default Domain Policy. Expand Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Security Options. Scroll down to Network Security: LAN Manager authentication level. Change it from Not Defined to Send LM & NTLM - use NTLMv2 session security if negotiated. NTLM is disabled by default on 2008.

Also when joining the domain use only an account name without domain information. E.g. administrator and not domain.local\administrator, domain\administrator or administrator@domain.local.

Regards, Klaas-Jan
(0004030) baldy (reporter) 2010-03-14 13:01

Added screen prints for clarification.

Regards, Klaas-Jan
(0004031) bertusfloor (reporter) 2010-03-15 07:43

Hi Klaas-Jan,

Thank you very much for the information and the screenshots. I have configured my firewall exactly the same and changed the setting in the default domain policy. I have also restarted the server. I still cannot connect to AD but now get a different error:

Failed to join domain: failed to find DC for domain WIT.LOCAL

I have added the DC under network\dns as per attached file. Do you have any ideas?

Regards, Bertus
(0004034) baldy (reporter) 2010-03-15 16:44

Bertus,

Might be the all capitals in both server and domainname.

Regards, Klaas-Jan
(0004035) baldy (reporter) 2010-03-15 21:56

Bertus,

You can also add a custom nameserver for your domain on the Endian. That way, for your internal domain name you can point it to the SBS box. I have added a screen print from where this has to be done. It is also mentioned in the Endian KB http://kb.endian.com/entry/49/

Regards, Klaas-Jan
(0004036) bertusfloor (reporter) 2010-03-16 07:16

Thank you for your help Klaas-Jan. I changed all the names to lower-case and added a custom nameserver on the Endian Firewall. I have also synced the time. Both AD and the Endian Firewall have the exact same time and time zone. I also ran through the network wizard and added our SBS 2008 server's IP address in as DNS 1. I also point the IP address of our SBS 2008 Server to its name under Network > Edit Hosts. I am still getting this error:

Failed to join domain: "failed to find DC for domain WIT.LOCAL"
(0004037) bertusfloor (reporter) 2010-03-16 07:42

I attached a screenprint of running services - is this right?
(0004038) baldy (reporter) 2010-03-16 08:43

Bertus,

I have added a screenprint of my services, only, imho significant, difference is the DNS proxy. DNS proxy is running on all Endian 2.3 installations I have done so far. Those installations also have smtp proxy enabled, not sure whether those 2 are related. I will try to set up a clean 2.3 system with no options enabled and check if that one can join the domain.

Btw, your error still says WIT.LOCAL (uppercase).

Regards, Klaas-Jan
(0004040) bertusfloor (reporter) 2010-03-16 09:33

It's working! I looked at the DNS proxy you suggested, and changed the server name to the IP as per the fix.jpg attached and could connect straight away.

Thanks Klaas-Jan!
(0004041) simon-endian (developer) 2010-03-16 09:37

hi,

with 2.3 it is not required to make a dns proxy and host entry.

some questions for clarification:
- did you enable the http proxy before trying to join the domain? (toggle button at proxy > http > configuration)
- did you save & apply the settings at proxy > http > authentication, before trying to join (this is currently required)
- did you use the same value for authentication realm and domain name? in your case you should use WIT.LOCAL (uppercase at authentication realm and lowercase at domain name)
- what did you use for PDC and BDC hostname? this should be the computername of the windows server (there is a bug related to BDC hostname. so you should leave it empty)

Regards, Simon
(0004042) bertusfloor (reporter) 2010-03-16 09:51

I did not enable the http proxy before joining the domain, only afterwards to troubleshoot. I always saved the settings, restarted and made sure the settings applied before trying again. Yes I did use the same value for the authentication realm and domain name (first upper case and then later lower-case for both). -> I reverted back to my old settings and tested this. It did not work. I left BDC empty and for PDC I entered the server name.

It connects as soon as I add the IP address instead of the host name under >Proxy >DNS >DNS Routing.
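
The checks raised across the notes above, collected into one pre-join lint (an added example, not part of the ticket and not Endian code). The settings dictionary layout and key names are hypothetical; the sample values `wit.local`, `SBS2008` and `10.0.0.2` are the ones quoted in the ticket, and each finding names the note it comes from.

```python
import ipaddress
import re

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_join_settings(cfg):
    """Return (note_id, message) findings for a settings dict (hypothetical layout)."""
    findings = []
    # Note 0004028: join with a bare account name, no domain information.
    if re.search(r"[\\@]", cfg["join_user"]):
        findings.append(("0004028", "join account carries domain information"))
    # Note 0004041: HTTP proxy enabled and authentication settings applied first.
    if not cfg["http_proxy_enabled"]:
        findings.append(("0004041", "HTTP proxy not enabled before joining"))
    if not cfg["auth_settings_applied"]:
        findings.append(("0004041", "authentication settings not saved and applied"))
    # Note 0004041: same value, uppercase realm, lowercase domain name.
    realm, domain = cfg["auth_realm"], cfg["domain_name"]
    if realm.lower() != domain.lower():
        findings.append(("0004041", "realm and domain name differ"))
    elif realm != realm.upper() or domain != domain.lower():
        findings.append(("0004041", "expected uppercase realm and lowercase domain name"))
    # Note 0004041: PDC is the Windows computer name, BDC stays empty.
    if _is_ip(cfg["pdc_hostname"]):
        findings.append(("0004041", "PDC hostname is an IP address, not a computer name"))
    if cfg["bdc_hostname"]:
        findings.append(("0004041", "BDC hostname should be left empty"))
    # Note 0004042: a DNS routing entry for the domain should target an IP address.
    target = cfg["dns_routing"].get(domain.lower())
    if target is not None and not _is_ip(target):
        findings.append(("0004042", "DNS routing target is a host name, not an IP"))
    return findings

# Constructed samples using the values quoted in the ticket.
FAILING = {"join_user": "wit.local\\administrator", "http_proxy_enabled": False,
           "auth_settings_applied": True, "auth_realm": "wit.local",
           "domain_name": "wit.local", "pdc_hostname": "SBS2008",
           "bdc_hostname": "", "dns_routing": {"wit.local": "sbs2008"}}
WORKING = dict(FAILING, join_user="administrator", http_proxy_enabled=True,
               auth_realm="WIT.LOCAL", dns_routing={"wit.local": "10.0.0.2"})

if __name__ == "__main__":
    for note, msg in check_join_settings(FAILING):
        print(f"note {note}: {msg}")
    print("working config findings:", check_join_settings(WORKING))
```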
Date Modified | Username | Field | Change |
2010-03-12 12:55 | bertusfloor | New Issue | |
2010-03-12 14:43 | ra-endian | Assigned To | => simon-endian |
2010-03-12 14:43 | ra-endian | Status | new => acknowledged |
2010-03-12 17:22 | baldy | Note Added: 0004028 | |
2010-03-12 17:26 | baldy | Note Edited: 0004028 | |
2010-03-14 12:58 | baldy | File Added: Authentication.jpg | |
2010-03-14 12:58 | baldy | File Added: AD Join.jpg | |
2010-03-14 13:00 | baldy | File Added: Group policy setting.jpg | |
2010-03-14 13:01 | baldy | Note Added: 0004030 | |
2010-03-15 07:43 | bertusfloor | Note Added: 0004031 | |
2010-03-15 07:45 | bertusfloor | File Added: dns.jpg | |
2010-03-15 16:42 | baldy | File Added: Working DNS.jpg | |
2010-03-15 16:44 | baldy | Note Added: 0004034 | |
2010-03-15 21:56 | baldy | Note Added: 0004035 | |
2010-03-15 21:56 | baldy | File Added: Custom DNS.jpg | |
2010-03-16 07:16 | bertusfloor | Note Added: 0004036 | |
2010-03-16 07:42 | bertusfloor | File Added: running-services.jpg | |
2010-03-16 07:42 | bertusfloor | Note Added: 0004037 | |
2010-03-16 08:33 | baldy | File Added: My services.jpg | |
2010-03-16 08:43 | baldy | Note Added: 0004038 | |
2010-03-16 09:31 | bertusfloor | File Added: fix.jpg | |
2010-03-16 09:33 | bertusfloor | Note Added: 0004040 | |
2010-03-16 09:37 | simon-endian | Note Added: 0004041 | |
2010-03-16 09:51 | bertusfloor | Note Added: 0004042 | |
2010-03-16 09:52 | bertusfloor | Status | acknowledged => resolved |
2010-03-16 09:52 | bertusfloor | Resolution | open => fixed |
2010-11-22 12:08 | peter-endian | Fixed in Version | => 2.4.1 |
2010-11-22 12:08 | peter-endian | Status | resolved => closed |