Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio Control vmware appliance and AD domain (unable to join domain :()
  •  
Seraphim

Messages: 2
Karma: 0
Send a private message to this user
Dear all,
I have installed vmware 5.1 and latest Kerio Control appliance. From Windows Server 2008 R2 Standard x64 I have downloaded config from Windows installation of Kerio Control. Everything looks OK and working, but there is one big problem:
I tried to add Kerio Control appliance to Active Directory domain on another Windows Server 2008 R2 Standard x64 where AD is running.
I have entered this data:
Name of domain: domain.local
Name of Kerio Control server: kerio-control
User name: Administrator
Password: mypassword
After pressing Next i only get: Error connecting to domain: operations error.

From debug log:
[08/Jul/2013 08:39:24] {auth} ADConnector: testJoin() - Disconnected - join newer successfully called
[08/Jul/2013 08:39:42] {auth} Using forwarder 192.168.0.xx.
[08/Jul/2013 08:39:42] {auth} detected workgroup DOMAIN, using server server.domain.local
[08/Jul/2013 08:39:42] {auth} ADConnector: join() - (65280) Failed to join domain: failed to set machine spn: Operations error
[08/Jul/2013 08:39:42] script output : Failed to join domain: failed to set machine spn: Operations error
[08/Jul/2013 08:39:42] {auth} ADConnector: testJoin() - Disconnected - join newer successfully called


This creates machine in AD, but thats it. Clean install of Kerio Control or with config isnt any difference.

I can successfully map users from AD, test connection to AD, that works. But I can not connect to AD.

Please help! Sad

[Updated on: Tue, 09 July 2013 07:46]

  •  
Seraphim

Messages: 2
Karma: 0
Send a private message to this user
I have done it at last!
this helped: safesquid.com/content/kerberos-sso
Particularly:
create a new user in AD with the same name as Kerio server, in my case kerio-control, set password for this account and set it to never expire.
In console, run these commands:
setspn -A hosts/kerio-control.domena.local kerio-control
setspn -A HTTP/kerio-control.domena.local kerio-control
setspn -l kerio-control

And of course have synced time.

In Kerio Control appliance, use this new account to connect to AD. Worked like a charm Smile

[Updated on: Tue, 09 July 2013 10:11]

Previous Topic: User Quota is not working at all !
Next Topic: Mac VPN client
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Oct 20 00:01:32 CEST 2017

Total time taken to generate the page: 0.00372 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.