Welcome to the Centrify forums.
Centrify adclient may go in disconnected mode if:
- A local event prevents the client from reaching a Microsoft Active Directory Domain Controller (DC)
e.g. A OS X system switches to a network outside the corporate site. - A network event or intermediate device prevents the client from reaching a Microsoft Active Directory Domain Controller (DC)
e.g. A firewall or network change is introduced. - An Active Directory topology change
E.g. an Active Directory sites and services change prevents this.
Note that like any other Active Directory client, we rely on a healthy Domain Name System (DNS) to be able to resolve Active Directory records. Nonetheless the client also maintains stats and a cache for DNS.
The client will proactively try to connect to systems:
1. primarily in the current AD site
2. alternatively in other AD sites
3. in case no DC is reachable, previously-logged-in users (or prevalidated users) will sign-in with cached credentials.
The client will also keep a tally of eligible domain controllers and proactively probe them for response times.
The good news is that if you can log in in disconnected mode, means that you're logging in with cached credentials.
There are many utilities available to monitor and diagnose connectivity issues, but the most important think to keep in mind is a basic checklist:
a) Has the system connected before?
b) Has there been a change on the network or topology?
c) Has there been a configuration change?
d) Are AD sites and services ( and subnets) properly maintained?
e) Have the unreachable DCs (perhaps in a DR site or in the DMZ) excluded from the pool of elegible DCs?
f) Have there been any DCs decommissioned incorrectly?
With that in mind, your toolset are:
- adcheck: performs all the basic checks for compatibility, network and AD connectivity
- adinfo: when used with the -T switch or the --diag option it can provide you with a lot of interesting capability
- syslog: events are written when the system has disconnected, reconnected, etc.
For more info, check out the cheat sheet: https://community.centrify.com/t5/TechBlog/TIPS-A-Centrify-Server-Suite-Cheat-Sheet/ba-p/22568
Note on your comment:
"The network service start after the Centrify service and for this reason
Centrify don't come up?"
The adclient daemon is up, otherwise you would not have been able to log in with cached credentials.
R.P