ts-439proii, AD join fails with failed to set machine SPN

Questions about using Windows AD service.
Post Reply
wesselcolsen
Starting out
Posts: 28
Joined: Wed Apr 28, 2010 7:31 pm

ts-439proii, AD join fails with failed to set machine SPN

Post by wesselcolsen »

When trying to join my windows domain I get the following error, however all is specified well, timesync is in sync up to the second (as is timezone etc), and DNS of both DC's works perfectly.

The account gets created (qnap) in the computers container, but the error below makes that the settings do not stick.


Code: Select all

Microsoft network settings failed. Please check the DNS server, domain name, and user name and password for logging in the domain.

======== DEBUG START ======= 
/usr/local/samba/bin/net time set -S dc1.hoefstraat.local 
[command] echo ******** | /usr/bin/kinit "admwessel@HOEFSTRAAT.LOCAL" 
Password for admwessel@HOEFSTRAAT.LOCAL: 
Specify WORKGROUP = HOEFSTRAAT 
[command] /usr/local/samba/bin/net ads join -S dc1 -U "admwessel%********" -s /etc/config/smb.conf 
Failed to join domain: failed to set machine spn: Operations error 
[command] /usr/local/samba/bin/net ads join -S dc1.hoefstraat.local -U "admwessel%********" -s /etc/config/smb.conf 
Failed to join domain: failed to set machine spn: Operations error 
[command] /usr/local/samba/bin/net ads join -U "admwessel%********" -s /etc/config/smb.conf 
Failed to join domain: failed to set machine spn: Operations error 
QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: ts-439proii, AD join fails with failed to set machine SP

Post by QNAPJauss »

wesselcolsen wrote:When trying to join my windows domain I get the following error, however all is specified well, timesync is in sync up to the second (as is timezone etc), and DNS of both DC's works perfectly.

The account gets created (qnap) in the computers container, but the error below makes that the settings do not stick.


Code: Select all

Microsoft network settings failed. Please check the DNS server, domain name, and user name and password for logging in the domain.

======== DEBUG START ======= 
/usr/local/samba/bin/net time set -S dc1.hoefstraat.local 
[command] echo ******** | /usr/bin/kinit "admwessel@HOEFSTRAAT.LOCAL" 
Password for admwessel@HOEFSTRAAT.LOCAL: 
Specify WORKGROUP = HOEFSTRAAT 
[command] /usr/local/samba/bin/net ads join -S dc1 -U "admwessel%********" -s /etc/config/smb.conf 
Failed to join domain: failed to set machine spn: Operations error 
[command] /usr/local/samba/bin/net ads join -S dc1.hoefstraat.local -U "admwessel%********" -s /etc/config/smb.conf 
Failed to join domain: failed to set machine spn: Operations error 
[command] /usr/local/samba/bin/net ads join -U "admwessel%********" -s /etc/config/smb.conf 
Failed to join domain: failed to set machine spn: Operations error 
Dear wesselcolsen,

I seems that the user used to join your AD has enough privileges to create the computer account, but not to update it.
I would suggest :
- first i would try with another account that is a domain administrator.
- try to remove the old computer account before you try to join again.
- Do you have any error message in your DC events log ? authentication failed ? error ? any unusual messages ?

What firmware do you have on your NAS ? and what version of windows is your domain controller ?
I see that your DC name is "dc1". Do you have multiple DC ?

BR,
Jauss
wesselcolsen
Starting out
Posts: 28
Joined: Wed Apr 28, 2010 7:31 pm

Re: ts-439proii, AD join fails with failed to set machine SP

Post by wesselcolsen »

i do infact have several dc's, the account i am using is the (renamed) domain administrator account. the dc1 i am refering to is the primary dc. tried a dcdiag already but no luck. No eventlogs that look suspicious at all. it seems as if the account gets created in the Ad properly, but the script (or net ads join command) does not terminate properly.
wesselcolsen
Starting out
Posts: 28
Joined: Wed Apr 28, 2010 7:31 pm

Re: ts-439proii, AD join fails with failed to set machine SP

Post by wesselcolsen »

Just tried with a newly made account, and it worked!

Even though the admwessel account is in fact the first (and real) renamed 'administrator' account, it failed to work and gave the above error. My qnaps now joined to the AD. Thanks! Hope my post will help others who might come across this problem!
QNAPJauss
QNAP Staff
Posts: 499
Joined: Fri Oct 02, 2009 12:18 pm
Location: Taipei, TAIWAN

Re: ts-439proii, AD join fails with failed to set machine SP

Post by QNAPJauss »

wesselcolsen wrote:Just tried with a newly made account, and it worked!

Even though the admwessel account is in fact the first (and real) renamed 'administrator' account, it failed to work and gave the above error. My qnaps now joined to the AD. Thanks! Hope my post will help others who might come across this problem!
Dear wesselcolsen,

Thank you for your feed back.

BR,
Jauss
dbadge
First post
Posts: 1
Joined: Thu Sep 03, 2015 8:25 pm

Re: ts-439proii, AD join fails with failed to set machine SP

Post by dbadge »

wesselcolsen wrote:Just tried with a newly made account, and it worked!

Even though the admwessel account is in fact the first (and real) renamed 'administrator' account, it failed to work and gave the above error. My qnaps now joined to the AD. Thanks! Hope my post will help others who might come across this problem!
/Necro --
Just wanted to say thanks for this, I just ran into this today and it was driving me nuts until I found this post which solved my problem.
Post Reply

Return to “Windows Domain & Active Directory”