Reset Search



KB22289 - Active Directory troubleshooting procedure

« Go Back


Last Modified Date9/22/2016 4:39 AM

This article provides a troubleshooting procedure for resolving Active Directory login issues.

Problem or Goal

 You may experience the following error, when setting up a Windows 2003/2008 Active Directory Authentication Server:

Error while joining domain JTACLAB. Possible causes:
- The specified administrator credentials do not properly authenticate.
- The specified domain or domain controller may not be valid.
Also, the device's clock must be in sync with the Active Directory server.

  1. Verify the Active Directory Server configuration in IVE > Auth Servers.

    Click Test Configuration to confirm the configuration is correct and the Auth Server is reachable.
  • If you receive an error stating that the Auth Server is unreachable, make sure to ping the Auth Server from the following location:

    Troubleshooting > Tools > Commands > ping

    (The Authentication Server needs to be reachable).
  • Ensure that the IP Address and Domain name credentials are entered correctly.
  • Verify that you are using an NTP server; the Clock should be the same between the Domain Controller and the IVE.
  • Try setting the time manually from the browser, under System > Status > System Date & Time click Edit.
  • Try testing by using different user names with domain admin/enterprise admin privileges; verify the credentials.
  • Change the computer object name in View Advanced Options.

    The next time you click Test Configuration in the Auth Server, a new computer name is added in the Active Directory container.
  • Select only Kerberos and NTLM V2 and see if that works.
  • Uncheck Kerberos and select only NTLM v2, v1 from the Authentication Protocol (steps 8 and 9 can be performed, if the Kerberos/NTLM protocols are failing).
  • Select the User may belong to Domain Local Groups across trust boundaries option in the AD/NT auth instance (this option is under View Advanced Options).
  • Try restarting the services/Reboot the IVE if this issue is intermittent.

For information on IVE 'join domain', refer to KB2624 - With Active Directory (AD) on Windows Server 2000, Windows Server 2003 and Windows Server 2008, how can the IVE 'join domain' without using a Domain Admin account?

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255