Solved

Riverbed Steelhead 250 - Failed to join domain: failed to connect to AD: Invalid credentials

Posted on 2011-09-15
Last Modified: 2012-05-12
I am trying to join a SH to our domain via the web interface.

CONFIGURE | NETWORKING | WINDOWS DOMAIN

I am entering the AD domain name & domain admin credentials - the operation fails with the following error:

Failed to join domain: failed to connect to AD: Invalid credentials

The credentials are known to be working; using the same credentials I am able to remove and add a PC to the same domain.

We have followed the same procedure to join 34 other SHs to the same domain and they all worked OK.

This SH was previously joined to the domain but was removed for testing - it's now that we are unable to add it to the domain again.

Has anyone had the same type of issue with a Riverbed Steelhead?
Question by:Suncore

Accepted Solution

by:
wdurrett earned 500 total points
ID: 36544307
Hi.

Can you tell me what version of RiOS you are running?

One time I had a hard time joining a SH to a domain and it turned out that the name of the SH could not be more than 15 characters long.  Here is the full checklist from RVBD:

Check List for Joining a Domain
Verify the following before attempting to add the Steelhead appliance to the designated domain:

The clocks on the Steelhead appliance and the domain controller must be time synchronized to within 5 minutes of each other (NTP recommended).  Note that their respective timezones are not relevant, as long as their UTC times agree.


The Steelhead appliance host name must be no more than 15 characters (Configure > Networking > Host Settings)


There must be an A record present in the Forward Lookup Zone of the DNS server for the primary interface of the Steelhead appliance (which itself must be connected to the LAN)


The DNS server configured on the Steelhead must be able to resolve the domain's SRV records (Configure > Networking > Host Settings - Primary DNS Server IP Address field).  Likewise, the domain controller should be able to resolve the Steelhead appliance name.  Using the same DNS server for both Steelhead appliance and the domain controller simplifies this, but is not mandatory.
You should be able to ping the Fully Qualified Domain Name (FQDN) of the Steelhead appliance from all the domain controllers and ping the domain controller(s) by name from the Steelhead appliance.
The AD domain suffix in the DNS settings on the Steelhead appliance is required (Configure > Networking > Host Settings - DNS Domain List).  It should contain a value such as domain.riverbed.com. You can determine this value for your domain by issuing the set command at the command prompt of any member computer or server logged in as a domain user, and searching for USERDNSDOMAIN.

Verify the credentials used to join the domain - they must be those of a Domain Administrator.  Do not specify in the  "Domain\username" format.  Simply provide the user name.
Prior to RiOS 5.5.1 and  5.0.6, ensure that the domain administrator password does not contain special characters such as the plus (+) or at (@) symbols.
Username@FQDN format is supported starting in RiOS 5.5.1, if required.
Note that the administrator credentials are not stored on the Steelhead appliance.  RiOS deletes them after the domain join procedure completes.

Verify that the Steelhead appliance does not currently exist in the Computers container of the Active Directory (AD) as this can cause a failure to join the domain. (If the computer's Organizational Unit (OU) has been re-targeted to a new OU, verify that container for an existing Steelhead appliance account.)


From RiOS 5.5, the Short Domain Name is required if the NetBIOS domain name does not match the first portion of the FQDN (Configure > Networking > Windows Domain - Short Domain Name).  This field is case insensitive.
This is a change from previous RiOS versions which would allow you to join the domain even if the short name differed from the first portion of the FQDN.
You can determine the FQDN and short name values for your domain by issuing the set command at the command prompt of any member computer or server logged in as a domain user, and searching for USERDNSDOMAIN (the FQDN) and USERDOMAIN (the short name).
If the Steelhead appliance is running a RiOS version older than 5.5.2 and you want to join a child domain, consider adding "netlogon" to the group policy under "named pipes that can be accessed anonymously" in the child domain default domain policy. Once the domain join completes, you can reverse this step.
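
The offline-checkable items of the checklist above (host name length, clock skew, credential format, Short Domain Name) as a preflight check. This is an added example, not part of the original answer and not Riverbed code; the function names and sample values are constructed, and the handling of "prior to RiOS 5.5.1 and 5.0.6" is an assumed reading noted in the code.

```python
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)   # checklist: clocks within 5 minutes
MAX_HOSTNAME = 15                 # checklist: host name at most 15 characters


def parse_version(text):
    """'5.5.1' -> (5, 5, 1), so versions compare as tuples."""
    return tuple(int(part) for part in text.split("."))


def preflight(hostname, rios, sh_time, dc_time, username, password,
              fqdn, netbios_domain, short_name=""):
    """Return a list of checklist violations; an empty list means none found."""
    v = parse_version(rios)
    problems = []
    if len(hostname) > MAX_HOSTNAME:
        problems.append("hostname longer than 15 characters")
    # Aware datetimes subtract in UTC, so differing time zones do not matter.
    if abs(sh_time - dc_time) > MAX_SKEW:
        problems.append("clock skew over 5 minutes")
    if "\\" in username:
        problems.append("username given as Domain\\username")
    if "@" in username and v < (5, 5, 1):
        problems.append("Username@FQDN needs RiOS 5.5.1 or later")
    # Assumed reading of "prior to 5.5.1 and 5.0.6": fixed in 5.0.6+ on the
    # 5.0 branch and in 5.5.1+ on every other branch.
    fixed = v >= (5, 5, 1) or (v[:2] == (5, 0) and v >= (5, 0, 6))
    if not fixed and any(c in password for c in "+@"):
        problems.append("password contains + or @ on an affected RiOS")
    first_label = fqdn.split(".")[0]
    mismatch = netbios_domain.lower() != first_label.lower()
    if v >= (5, 5) and mismatch and not short_name:
        problems.append("Short Domain Name required")
    return problems


# Constructed sample: appliance clock 7 minutes behind the DC, in another zone.
DC_TIME = datetime(2011, 9, 15, 12, 0, tzinfo=timezone.utc)
SH_TIME = datetime(2011, 9, 15, 6, 53, tzinfo=timezone(timedelta(hours=-5)))


def demo():
    return preflight("branch-office-steelhead01", "5.5.0", SH_TIME, DC_TIME,
                     "CORP\\admin", "p@ss", "corp.example.com", "CORP")
```

The DNS items (A record, SRV records, ping by name) need live lookups and are left out of this sketch.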

Author Closing Comment

by:Suncore
ID: 36546321
The clocks on the Steelhead appliance and the domain controller must be time synchronized to within 5 minutes of each other (NTP recommended).  Note that their respective timezones are not relevant, as long as their UTC times agree.

Thank you!