Failure to join the domain
These conditions are required for Content Gateway to join a domain:
- Content Gateway must be able to resolve the domain name.
- Content Gateway system time must be synchronized with the domain controller’s time, plus or minus 1 minute.
- The correct domain Administrator name and password must be specified.
- There must be TCP/UDP connectivity to the domain controller(s) (ports 88, 389, 445).
- If backup domain controllers are configured, they and their Kerberos Distribution Center (KDC) services, must be reachable by Content Gateway on the network.
- If the Active Directory is configured with multiple Sites, ensure that the subnet that Content Gateway is on is added to one of them.
Troubleshooting
- Errors encountered in the join action are reported at the top of the screen (the Integrated Windows Authentication tab).
- The error message usually includes a link to the failure log where you can get more details.
- Join failures are logged to /opt/WCG/logs/smbadmin.join.log
- In most cases, the failure message in the log is a standard Samba and Kerberos error message that is easily found with an Internet search.