0 votes

Hi,

We have a multi-domain forest with a root domain and three child domains. Adaxes is currently installed in one of these child domains and I would like to deploy a new Adaxes server in another child domain. I created a new service account in that domain but I have trouble installing Adaxes with the share configuration option.
I provide the credentials of the default service account used for the first Adaxes server but I get the following error during the install:

Product: Softerra Adaxes 2011.3 -- Failed to install the service ADAM instance.
Active Directory Lightweight Directory Services could not create the NTDS Settings object for this Active Directory Lightweight Directory Services instance CN=NTDS Settings,CN=APHKGRES02$AdaxesBackend,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={3EF8BA34-68C3-4543-AD9D-21F6778140D6} on the remote AD LDS instance EUMSQRES10.eu.loi.net:48880. Ensure the provided network credentials have sufficient permissions.
Error code: 0x800706be
The remote procedure call failed.

I tried disabling the firewall without luck. I don't know where to check so if you have a clue.

Thanks in advance

by (800 points)

1 Answer

0 votes
by (18.0k points)

Hello,

If you're sure that all ports are open, then this is likely to be a DNS issue.

Try using Telnet to access the computer where the Adaxes service is installed on port 135.

0

Telnet 135 is ok, and DNS resolution is fine.

Is there any other place I can look at?

0

Are there any errors in the Event Log on the computer where the first instance of Adaxes is installed?

0

I checked Application, System, ADAM backend, and Adaxes event logs and I saw nothing.

0

Our QA team is now doing their best to reproduce your issue in our environment.

0

Did you recently change the password of the account used by the Adaxes service?
The local credential cache can be the cause of the problem. Please try cleaning the cache on both computers using Windows Credential Manager.

0

No change, but I will try that anyway.

0

What Windows versions (including service packs) are installed on both computers and what is the domain functional level and forest functional level?

0

Windows 2008 R2 SP1 on both servers
Domain functional level is 2003 in both child domains.
Forest functional level is Windows 2003 too.

0

I tried several things:

I checked the security event log and I have no blocked access.
I checked the Adaxes LDS instance with adsiedit.msc and I confirm that the problem arises on the NTDS Settings object. The installer creates the CN=SERVERNAME$AdaxesBackend object but fails on creating the child NTDS Settings.
I tried to add SERVERNAME$ to Administrators role in LDS with no luck.

It becomes very difficult to delay the installation.

Thanks for your help.

0

Please launch the repadmin.exe tool on the computer where you want to install the second instance of the Adaxes service, and post the output here.

repadmin.exe /bind EUMSQRES10.eu.loi.net:48880 /u:domain\adaxesadmin /pw:secret

0

You pointed me in the right direction with the repadmin command.
Actually I checked RPC with RPCping, which was ok, but it seems that the test is not accurate enough.
Repadmin failed and that led me to the following conclusion: that might be a network-related problem.
Actually, we are using a Cisco ASA firewall on each of our sites, and we had trouble some time ago with RPC. I asked my network team to check that and they finally found an inspect map that was blocking RPC traffic.

It's working ok now.

Thanks for your help

0

That's great!

0

... and that's a great relief for our QA team ;)
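
The layered check this thread converged on, as an added example that is not part of the original posts and is not Softerra's code: DNS, then plain TCP reachability, then a real replication bind with the `repadmin /bind` command quoted above. The server name and port are the ones from the thread, the account name is a placeholder, and treating a non-zero `repadmin` exit code as failure is an assumption.

```powershell
# Added example: layered check against an AD LDS replication partner.
# Server and port are the ones quoted in the thread; the account is a placeholder.
param(
    [string]$Server  = 'EUMSQRES10.eu.loi.net',
    [int]   $LdsPort = 48880,
    [string]$User    = 'domain\adaxesadmin'
)

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    # A completed TCP handshake is all this proves (the same thing Telnet shows).
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Layer 1: name resolution.
try   { $dnsOk = ([System.Net.Dns]::GetHostAddresses($Server)).Count -gt 0 }
catch { $dnsOk = $false }

# Layer 2: TCP reachability of the RPC endpoint mapper and the LDS port.
$epmOk = Test-TcpPort $Server 135
$ldsOk = Test-TcpPort $Server $LdsPort

# Layer 3: a real replication bind, as in the repadmin command from the thread.
# /pw:* prompts for the password so it stays out of the command line and history.
$target = '{0}:{1}' -f $Server, $LdsPort
& repadmin.exe /bind $target "/u:$User" '/pw:*'
# Assumption: a non-zero exit code means the bind failed; read the output as well.
$bindOk = ($LASTEXITCODE -eq 0)

"DNS={0}  TCP135={1}  TCP{2}={3}  Bind={4}" -f $dnsOk, $epmOk, $LdsPort, $ldsOk, $bindOk

if ($dnsOk -and $epmOk -and $ldsOk -and -not $bindOk) {
    'Ports are open but the RPC bind fails: check devices on the path that inspect or filter RPC traffic.'
}
```

Run it from the server where the second instance is being installed, so the traffic crosses the same firewalls the installer's traffic does.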
