Channel: All Centrify Express posts
Viewing all 1833 articles

Add certificate fails - RPC error


Hi,

 I successfully joined my Linux machine to a domain, but cannot create a certificate.

 


Local host name: ip-172-31-23-93
Joined to domain: tfbic.net
Joined as: ip-172-31-23-93.tfbic.net
Pre-win2K name: ip-172-31-23-93
Current DC: win-fam47drkcg3.tfbic.net
Preferred site: Default-First-Site-Name
Zone: Auto Zone
Last password set: 2017-10-21 08:41:56 UTC
CentrifyDC mode: connected
Licensed Features: Enabled

 

/usr/share/centrifydc/sbin/adcert -e -n TFBIC-EC2AMAZ-UISHUC6-CA -s EC2AMAZ-UISHUC6.TFBIC.NET -t Centrify

Error while issuing a certificate for Centrify: RPC error occurred during operation.

 

In ADCS I have a duplicate of computer cert, enabled auto enrollment, and created a template called "Centrify"

 

Any hints where I should look for the possible root cause of the problem?

Thanks

 


Re: Add certificate fails - RPC error



 

An RPC error most likely means that there is no proper communication between the client and the server or that the server is unavailable.

 

For ports required for ADCS, here's a post:

https://support.microsoft.com/en-us/help/832017#method4

 

Additionally, you could enable debug (with addebug) and try the adcert command again and look at the created log file.

 

R.P

Re: Add certificate fails - RPC error


Yes, the problem was that some ports were not open on the security groups in AWS. 

Opening all traffic solved the problem.

Thanks

 

Re: Add certificate - RPC error

AD user not provisioning in Centrify or Office 365.


Hello.  First the background to my issue:

 

We had a user resign so I disabled her account in AD.  When her replacement arrived, I went through the AD rename process for the new user.  Big mistake, apparently, as it caused major malfunctions with the new user.  So, I deleted the account altogether and created the new user's account from scratch.  After doing so, I received this error on sync:

 

User already synced or not updated:
jane.doe@domain.local (69279995-90c1-4cd6-9578-0d1c1b2872b3) => jane.doe@domain.org
Reason: UPN jane.doe@domain.org conflict detected

 

I thought this was being caused by what appeared to be an orphaned user in Office 365 for the old user account.  I removed the orphaned user with AD Azure Powershell, but this doesn't seem to have helped.  I've deleted and recreated the new user's account in AD and the provisioning process doesn't even appear to pick it up anymore.

 

I'm totally at a loss for ideas.  Thanks.

Re: AD user not provisioning in Centrify or Office 365.


Hi J-NE,

 

As we need to collect some information from your tenant, we've filed a support ticket and will follow up with you there. Please stay tuned!

 

Best Regards,

Henry

Cannot adleave AD because no AD available


Hello,

 

I have CentOS servers that at one time were authenticating to corporate's AD domain using Centrify.  The corporate AD is no longer available to our servers in the data centers.  I need to remove the Centrify RPM but cannot because I need to leave the domain first.  Problem is I cannot leave the domain because I cannot reach the AD.  How do I remove the Centrify software from the servers?

 

Thanks,

 

Wes

Re: Cannot adleave AD because no AD available


Hello,

 

Never mind, figured it out.

All I needed to do was an 'adleave --force', which allowed the server to leave the domain. Once that was done I was able to remove the package via rpm -e.

 

Thanks,


Wes


Re: Cannot adleave AD because no AD available


Thank you for sharing this solution with the community !

Re: Cannot adleave AD because no AD available


Since you did an offline leave, you still need to make sure that the AD objects (now orphaned) are cleaned-up.  There are many tools to do that.  

 

If this is an Express deployment, the account object can be cleaned with ADUC or any other tool.

If this is a zone-based deployment, ideally you'd use a tool like Access Manager or the Analyze Wizard.

Re: Cannot adleave AD because no AD available

Robertson,


Thanks for helping close the loop on a proper force leave. In our case the AD crashed and was not going to be recreated.


Wes

Seeing Printers from a Windows Print Server


We have a Windows Print Server here that shares out our printers via Active Directory. When we bind a Mac to AD without Centrify, it can see all our printers when you browse printers. When we bind it with Centrify, it doesn't see the printers (the ones that begin with TWGLAPRINT01). Anyone know the easiest way to make it show them?

 

Re: Download links for Centrify Express?


As far as I can see, a year later, there is still no way to download an updated version of Centrify without repeating the registration process, regardless of whether you are registered already.

 

Re: how to get security updates ?


Can I just say that the requirement to go through the registration process again just to get to the download link has been an annoyance for years? Also the fact that the link to the Windows deployment manager download is under the linux-unix heading is probably confusing a lot of people.

 

You don't want people polluting your CRM with garbage data, they don't want to have to fill out the same information over and over again. I'm already registered, I have a username and password, just give me a link to download the latest software somewhere in my profile. If the EULA must be re-agreed to each time you download, make it a checkbox on the download page.

 

Updates are not done frequently, but when they ARE needed, it's usually urgent, and an arbitrary roadblock is just a source of frustration.

 

Re: how to get security updates ?


 

We heard you loud and clear (just like we did ) and we agree that retyping the same data all over again is lame.  We will update this thread and do an announcement when this experience is enhanced.

 

For posterity, if you are a Centrify commercial customer, you can visit the Security Portal

Support (Hamburger menu)  > Policies > Product Security Policies for information about Security Updates.

 

psp.PNG

 

To retrieve software, in addition to the download centers and Deployment Manager manifests,  there are also YUM, APT and Zypper repos:

repo.png

 

R.P


Time sync not working


Hello,

We are using CentrifyDC on our Ubuntu Linux systems. For the past couple of weeks we have been noticing that the time on one of the Linux clients isn't in sync with our Domain Controller. It is off by a couple of minutes. The issue is specific to only 1 Linux client; the rest of our Linux clients are able to sync time successfully.

On the problem client, if I run this command: "/usr/share/centrifydc/bin/adcheck --test ad <domain-name.com> | grep TIME"

 

I get below output

 

TIME : Check clock synchronization : Note
: This system's clock will be synchronized with AD when you join.
: This system thinks the time is Fri Oct, 27 15:18:23 EDT,
: AD thinks the time is Fri Oct, 27 15:20:58 EDT.

ADSYNC : Check domains all synchronized : Pass
2 warnings were encountered during check. We recommend checking these before proceeding

 

====================================================

 

Can someone please advise how to resolve this? The Linux client is joined to the AD domain and I am even able to log in using my AD account. If I run an "adinfo" command on the client, it shows it is joined to our domain and connected.
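
The two timestamps in the adcheck output above can be turned into a number. This is an added example, not part of the original post and not Centrify code: it parses the TIME lines and compares the skew with the 5-minute Kerberos clock-skew tolerance that Active Directory applies by default, an assumption the thread itself does not state. The names clock_skew, assess and KERBEROS_MAX_SKEW are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the TIME lines of the adcheck output quoted in the post.
SAMPLE = """\
TIME : Check clock synchronization : Note
: This system's clock will be synchronized with AD when you join.
: This system thinks the time is Fri Oct, 27 15:18:23 EDT,
: AD thinks the time is Fri Oct, 27 15:20:58 EDT.
"""

# Assumption: Active Directory's default Kerberos clock-skew tolerance, 5 minutes.
KERBEROS_MAX_SKEW = timedelta(minutes=5)

_STAMP = re.compile(
    r"(This system|AD) thinks the time is \w{3} (\w{3}), (\d{1,2}) "
    r"(\d{2}:\d{2}:\d{2}) (\S+?)[,.]?\s*$",
    re.MULTILINE,
)

def clock_skew(adcheck_output):
    """Return AD time minus local time (positive: the local clock is behind)."""
    seen = {}
    for who, month, day, clock, zone in _STAMP.findall(adcheck_output):
        # adcheck prints no year; pin a leap year so "Feb, 29" still parses.
        when = datetime.strptime(f"2000 {month} {day} {clock}", "%Y %b %d %H:%M:%S")
        seen[who] = (when, zone)
    if set(seen) != {"This system", "AD"}:
        raise ValueError("adcheck TIME lines not found")
    (local, local_zone), (ad, ad_zone) = seen["This system"], seen["AD"]
    if local_zone != ad_zone:
        raise ValueError(f"zone labels differ: {local_zone} vs {ad_zone}")
    skew = ad - local
    # Without a year, Dec 31 vs Jan 1 looks about a year apart; fold it back.
    year = timedelta(days=366)
    if skew > year / 2:
        skew -= year
    elif skew < -year / 2:
        skew += year
    return skew

def assess(adcheck_output, limit=KERBEROS_MAX_SKEW):
    """Return (status, skew in seconds): OK, WARN (drifting) or FAIL (over limit)."""
    skew = clock_skew(adcheck_output)
    status = "FAIL" if abs(skew) > limit else "WARN" if skew else "OK"
    return status, int(skew.total_seconds())

if __name__ == "__main__":
    print(assess(SAMPLE))
```

On the sample the skew is 155 seconds: enough for adcheck to flag, but inside the default tolerance, which is consistent with AD logins still working on that client.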

 

 

 

 

Re: Time sync not working

Update: I unjoined and re-joined the server back to the AD domain but I am still getting the same error when I run the "adcheck" command. Looking forward to some resolution from this helpful community.

Re: Time sync not working

Re: Time sync not working


Hello Robertson, I just checked my centrifydc.conf file; it is set to default. The sntp directive is commented out. Below is how it looks in my case. If I am not mistaken, the client will sync time with AD then.

Do you recommend making any changes here with regard to the error I am getting?

 

# SNTP settings
#
# If true, adclient will keep the system clock in sync with
# the domain controller.
#
# This parameter is controlled by the Group Policy
#
# "Computer Configuration"
# -> "Administrative Templates"
# -> "System"
# -> "Windows Time Service"
# -> "Time Providers"
# -> "Enable Windows NTP Client"
#
# adclient.sntp.enabled: true
 

Re: Time sync not working


Hello Robertson,

Thanks for pointing in the right direction.  I just copied over the centrifydc.conf file from a working linux server to this server and that resolved the issue.  Thanks much.
