Failure to join the domain

These conditions are required for Content Gateway to join a domain:

• Content Gateway must be able to resolve the domain name.
• Content Gateway system time must be synchronized with the domain controller’s time, plus or minus 1 minute.
• The correct domain Administrator name and password must be specified.
• There must be TCP/UDP connectivity to the domain controller(s) (ports 88, 389, 445).
• If backup domain controllers are configured, they and their Kerberos Distribution Center (KDC) services, must be reachable by Content Gateway on the network.
• If the Active Directory is configured with multiple Sites, ensure that the subnet that Content Gateway is on is added to one of them.

Troubleshooting

• Errors encountered in the join action are reported at the top of the screen (the Integrated Windows Authentication tab).
• The error message usually includes a link to the failure log where you can get more details.
• Join failures are logged to /opt/WCG/logs/smbadmin.join.log
• In most cases, the failure message in the log is a standard Samba and Kerberos error message that is easily found with an Internet search.