Failure to join the domain

These conditions are required for Content Gateway to join a domain:

  • Content Gateway must be able to resolve the domain name.
  • Content Gateway system time must be synchronized with the domain controller’s time, plus or minus 1 minute.
  • The correct domain Administrator name and password must be specified.
  • There must be TCP/UDP connectivity to the domain controller(s) (ports 88, 389, 445).
  • If backup domain controllers are configured, they and their Kerberos Distribution Center (KDC) services, must be reachable by Content Gateway on the network.
  • If the Active Directory is configured with multiple Sites, ensure that the subnet that Content Gateway is on is added to one of them.

Troubleshooting

  • Errors encountered in the join action are reported at the top of the screen (the Integrated Windows Authentication tab).
  • The error message usually includes a link to the failure log where you can get more details.
  • Join failures are logged to /opt/WCG/logs/smbadmin.join.log
  • In most cases, the failure message in the log is a standard Samba and Kerberos error message that is easily found with an Internet search.