Re: Centrify Express installation fails with AD subnet error

Thanks for the quick reply.

Here's what the adcheck command says when run locally:

root@nmsep01-ic1-bfi:~/centrify# ./adcheck-deb8-x86_64 -V corp.xxx.com
adcheck (CentrifyDC 5.5.1-400)

Host Diagnostics
    uname: Linux nmsep01-ic1-bfi 4.15.0-39-generic #42-Ubuntu SMP Tue Oct 23 15:48:01 UTC 2018 x86_64
      OS: Ubuntu
      Version: 18.04
      Number of CPUs: 1
    Linux sanity checks
    uname says Linux nmsep01-ic1-bfi 4.15.0-39-generic #42-Ubuntu SMP Tue Oct 23 15:48:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
    osrev=ubuntud18.04
    found Perl: /usr/bin/perl
    Samba not found in $PATH.
Inspecting DNS configuration
    Configured DNS servers are: -
        127.0.0.53 (localhost)
            UDP OK, response time = 0.0002
            UDP OK, response time = 0.0002
            UDP OK, response time = 0.0001
            UDP OK, response time = 0.0002
            UDP OK, response time = 0.0001
            TCP probe failed: rejected
IP Diagnostics
Local host name: nmsep01-ic1-bfi
Local IP Address: 10.99.2.1
FQDN host name:nmsep01-ic1-bfi.corp.xxx.com
Local IP Address: 10.0.2.1
FQDN host name:nmsep01-ic1-bfi.local
    look for local ssh server - found  SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1
    inspecting OS type
    inspecting ssh configuration
        sshd -v says OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n  7 Dec 2017
Domain Diagnostics:
    DNS query for: _ldap._tcp.corp.xxx.com
    Found SRV records:
        wpdcp01-ic1-bfi.corp.xxx.com:389
Found SRV records:
    Probe domain controller: wpdcp01-ic1-bfi.corp.xxx.com
    Probe this domain controller with its IP address: 10.0.1.1
        LDAP UDP port test OK for IP 10.0.1.1, response time = 0.0004
        NTP port test OK for IP 10.0.1.1, response time = 0.0024
server wpdcp01-ic1-bfi.corp.xxx.com ( 10.0.1.1 ) says the time is Fri Nov, 30 14:04:13 UTC
        SMB port test OK for IP 10.0.1.1, response time = 0.0004
        Kerberos TCP port test OK for IP 10.0.1.1, response time = 0.0002
        Kerberos UDP port test OK for IP 10.0.1.1, response time = 0.0013
        kpassword TCP port test OK for IP 10.0.1.1, response time = 0.0001
        Kpass UDP port test OK for IP 10.0.1.1, response time = 0.0000
        LDAP TCP port test OK for IP 10.0.1.1, response time = 0.0002
        Anonymous LDAP bind to wpdcp01-ic1-bfi.corp.xxx.com
        Retrieve DC root object
        Domain Controller: wpdcp01-ic1-bfi.corp.xxx.com
        Domain controller type: Windows 2003
        Domain Name:            corp.xxx.com
        isGlobalCatalogReady:   TRUE
        domainFunctionality:           7
        forestFunctionality:           7
        domainControllerFunctionality: 7
    Probe this domain controller with its IP address: 10.99.1.1
        LDAP UDP port test OK for IP 10.99.1.1, response time = 0.0002
        NTP port test OK for IP 10.99.1.1, response time = 0.0002
server wpdcp01-ic1-bfi.corp.xxx.com ( 10.99.1.1 ) says the time is Fri Nov, 30 14:04:13 UTC
        SMB port test OK for IP 10.99.1.1, response time = 0.0004
        Kerberos TCP port test OK for IP 10.99.1.1, response time = 0.0001
        Kerberos UDP port test OK for IP 10.99.1.1, response time = 0.0015
        kpassword TCP port test OK for IP 10.99.1.1, response time = 0.0001
        Kpass UDP port test OK for IP 10.99.1.1, response time = 0.0000
        LDAP TCP port test OK for IP 10.99.1.1, response time = 0.0001
        Anonymous LDAP bind to wpdcp01-ic1-bfi.corp.xxx.com
        Retrieve DC root object
        Domain Controller: wpdcp01-ic1-bfi.corp.xxx.com
        Domain controller type: Windows 2003
        Domain Name:            corp.xxx.com
        isGlobalCatalogReady:   TRUE
        domainFunctionality:           7
        forestFunctionality:           7
        domainControllerFunctionality: 7

Locating global catalogs for CORP.xxx.COM from DNS.
    DNS query for: _gc._tcp.CORP.xxx.COM
    Found SRV records:
        wpdcp01-ic1-bfi.CORP.xxx.COM:3268
Found SRV records:
    Probe GC: wpdcp01-ic1-bfi.CORP.xxx.COM
    Probe this GC with its IP address: 10.0.1.1
        GC port test OK for IP 10.0.1.1, response time = 0.0002
    Probe this GC with its IP address: 10.99.1.1
        GC port test OK for IP 10.99.1.1, response time = 0.0001
DC performance table
wpdcp01-ic1-bfi.corp.xxx.com udp response 0ms site=
        symmetry test on 127.0.0.53
        get srv list for domain ok 1 entries
    Retrieving site information from wpdcp01-ic1-bfi.corp.xxx.com

compare the clocks on all domains to see if they are all synchronized.
OSCHK    : Verify that this is a supported OS                          : Pass
PATCH    : Linux patch check                                           : Pass
PORTMAP  : Verify that portmap or rpcbind is installed                 : Warning
         : Could not install CentrifyDC-nis package.
         : PORTMAP not installed. Please install required
         : portmap or rpcbind package, which CentrifyDC-nis
         : depends on

PERL     : Verify perl is present and is a good version                : Pass
SAMBA    : Inspecting Samba installation                               : Pass
SPACECHK : Check if there is enough disk space in /var /usr /tmp       : Pass
HOSTNAME : Verify hostname setting                                     : Pass
NSHOSTS  : Check hosts line in /etc/nsswitch.conf                      : Pass
DNSPROBE : Probe DNS server 127.0.0.53                                 : Warning
         : This DNS server does not appear to respond to TCP
         : requests. This is OK for small domains but will cause
         : problems otherwise. Note that the VMware NAT service
         : does not support TCP - this is normal.

DNSCHECK : Analyze basic health of DNS servers                         : Warning
         : One or more DNS servers are dead or marginal.
         : Check the following IP addresses in /etc/resolv.conf.
         :
         : The following table lists the state of all configured
         : DNS servers.
         :  127.0.0.53 (localhost): TCP dead but UDP OK

WHATSSH  : Is this an SSH that Centrify DirectControl Agent works well with: Pass
SSH      : SSHD version and configuration                              : Note
         : You are running OpenSSH_7.6p1 Ubuntu-4ubuntu0.1, OpenSSL 1.0.2n  7 Dec 2017.

DOMNAME  : Check that the domain name is reasonable                    : Pass
ADDC     : Find domain controllers in DNS                              : Pass
ADDNS    : DNS lookup of DC wpdcp01-ic1-bfi.corp.xxx.com   : Pass
ADPORT   : Port scan of DC wpdcp01-ic1-bfi.corp.xxx.com 10.0.1.1: Pass
ADPORT   : Port scan of DC wpdcp01-ic1-bfi.corp.xxx.com 10.99.1.1: Pass
ADDC     : Check Domain Controllers                                    : Pass
ADDNS    : DNS lookup of DC wpdcp01-ic1-bfi.CORP.xxx.COM   : Pass
GCPORT   : Port scan of GC wpdcp01-ic1-bfi.CORP.xxx.COM 10.0.1.1: Pass
GCPORT   : Port scan of GC wpdcp01-ic1-bfi.CORP.xxx.COM 10.99.1.1: Pass
ADGC     : Check Global Catalog servers                                : Pass
DCUP     : Check for operational DCs in corp.xxx.com       : Pass
DNSSYM   : Check DNS server symmetry                                   : Pass
ADSITE   : Check that this machine's subnet is in a site known by AD   : Failed
         : This machine's subnet is not known by AD.

TIME     : Check clock synchronization                                 : Pass
ADSYNC   : Check domains all synchronized                              : Pass
1 serious issue was encountered during check. This must be fixed before proceeding
3 warnings were encountered during check. We recommend checking these before proceeding

And here are the IP addresses for the machine:

root@nmsep01-ic1-bfi:~/centrify# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 4e:0f:ca:9c:f9:21 brd ff:ff:ff:ff:ff:ff
    inet 10.99.2.1/16 brd 10.99.255.255 scope global ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::4c0f:caff:fe9c:f921/64 scope link
       valid_lft forever preferred_lft forever
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether e2:8a:a4:b9:1c:3b brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.1/16 brd 10.0.255.255 scope global ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::e08a:a4ff:feb9:1c3b/64 scope link
       valid_lft forever preferred_lft forever

DNS server issues are just caused by the new resolver system in Ubuntu 18.04, nothing to worry about there.

I do understand that the check can be overridden by installing it locally, but we have a lot of servers where this should be installed - that's why we went with Deployment Manager in the beginning.

