I'm sorry I did not get an update on this thread.
No problem.
I'm not sure I understand, are you saying that the issue went away or not?
The adflush fixed the problem, not the centrify update.
If the issue has not been resolved, then we need to debug.
I found another system that has the same behaviour.
Are you a commercial customer?
No, using centrify express.
The credential cache is renewed when the cache.flush.interval is hit or when there's a negative response; restarting the client does not imply an automatic flush.
Ok, good to know.
Can you please provide the de-identified output of the domain map? (adinfo -y domain)
# adinfo -y domain
System Diagnostic
========Domain info map========
DC=domain2,DC=lan
CN = DOMAIN2.LAN
SID = S-1-5-21-2808170103-917183174-659996841
TRUST_ATTRS = 0x20
TRUST_DIRECTION = 3
TRUST_TYPE = 2
NTLM NAME = DOMAIN2
LOCAL FOREST = YES
CN=domain1.lan,CN=System,DC=domain2,DC=lan
CN = DOMAIN1.LAN
SID = S-1-5-21-3214971259-2964318432-211451886
TRUST_ATTRS = 0x8
TRUST_DIRECTION = 3
TRUST_TYPE = 2
NTLM NAME = DOMAIN1
LOCAL FOREST = NO
Can you provide the ouptut of adinfo -y health?
# adinfo -y health
System Diagnostic
===============System Health===================
HealthStatus: Healthy
SubSystem: HostAuth
ErrCount: 1
LastSet: Mon Jan 30 10:05:56 2017
LastReset: Mon Jan 30 10:06:29 2017
LastCode: 1019
LastReason: KDC refused skey: Cannot resolve network address for KDC in requested realm
LastOperation: Host authenticate
Thanks.