Unable to join Windows Domain
search cancel

Unable to join Windows Domain

book

Article ID: 174158

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

When attempting to join the ProxySG to our Active Directory Windows Domain with Kerberos RC4/MD5 encryption disabled, it is failing to join.

Domain join failed:

"EPM" failed to join
KDC has no support for encryption type

 

Environment

Active directory domain will have the following Kerberos security settings imposed in the domain policy:

Note: The RC4/MD5 are not selected therefore the AD will not accept any requests containing those encryption types 

 

 

Cause

Active directory domain has RC4/MD5 Kerberos encryption disabled however due to the fact that the logon named supplied does not exactly match the name in Active directory the ProxySG needs to hash the credentials. This hashing procedure is done with RC4/MD5 so it will not be possible to join the Active directory domain unless the logon name is entered as it appears in active directory.

For example, if the User logon name in active directory is specified as below:

In the ProxySG we would need to exactly enter "John DoE", if we were to enter instead "john doe". The ProxySG will hash this and the request will be made with RC4/MD5 which will cause the ProxySG to fail to join the domain.

Resolution

Consult with the Active directory team and determine the User logon name for the account being used to join the Active directory domain and confirm the case sensitivity of that account. Once we have the correct account name we will be able to join the Active directory domain.