Unable to join domain via VLAN

[Hellrazorx]

Hi, I got a DC running on LAN
Truenas Scale is runnning on VLAN3

Windows computers running on VLAN3 can join the Domain via DC running on LAN

But truenas, running with the same DHCP config cannot join the domain

I'm suspecting I'd need to give our friend Truenas a little help to find the way. Since windows computers can work their way in, I'm presuming network is OK.
Of course, if i'm letting TN on LAN, I can join the domain without any issues.

Any thoughts?

 

[Patrick M. Hausen]

The DC must be the configured DNS server of your TrueNAS. Does your DHCP server deliver that correctly?
Time and date must be synchronised.

 

[Hellrazorx]

Hi Patrick

Yes!

Name server is the DC
NTP First Entry IS the DC
Gateway is VLAN default gateway

I can properly ping my DC with it's DNS name..

I'm really puzzled about this

The DC must be the configured DNS server of your TrueNAS. Does your DHCP server deliver that correctly?
Time and date must be synchronised.

 

[Hellrazorx]

Just made a quick test with a fresh install,
Same VLAN.. Truenas can Connect to the DC.
Every parameter are the set automatically from the DHCP

At the point to where I am, I could easily get going with a fresh install but I'll try to find the bug on instance one.

 

[Hellrazorx]

Just made a quick test with a fresh install,
Same VLAN.. Truenas can Connect to the DC.
Every parameter are the set automatically from the DHCP

At the point to where I am, I could easily get going with a fresh install but I'll try to find the bug on instance one.

I guess I found it...

I disabled mDNS on TN one...

Been able to join with this option checked.

SO it seems like multicast dns is mandatory when connecting through VLAN

 

[Hellrazorx]

Sadly that wan't the end.
I experienced ''unhealthy'' status after reboot, troubles re authenticate on the domain.
May be reinstalled TN about 7-8 times to look for what breaks in the configurations.

Right now, I can uncheck the ''enable'' option into AD settings and Check it back on without an python script error.

Upon a reboot, the AD seems to be healthy but I still got a trouble waiting to arise:

There's a 0.00% job running:
Waiting to renew kerberos ticket. Current ticket expires: 03/03/23 01:34:30 UTC

I'm suspecting once the ticket expires, the AD status will fall to FAULT status then I'll probably need to:
- delete the Kerberos Keytab Machine account entry
- delete the Kerberos realm

And reauthenticate..

This is exhausting, any idea?

 

[Hellrazorx]

Sadly that wan't the end.
I experienced ''unhealthy'' status after reboot, troubles re authenticate on the domain.
May be reinstalled TN about 7-8 times to look for what breaks in the configurations.

Right now, I can uncheck the ''enable'' option into AD settings and Check it back on without an python script error.

Upon a reboot, the AD seems to be healthy but I still got a trouble waiting to arise:

There's a 0.00% job running:
Waiting to renew kerberos ticket. Current ticket expires: 03/03/23 01:34:30 UTC

I'm suspecting once the ticket expires, the AD status will fall to FAULT status then I'll probably need to:
- delete the Kerberos Keytab Machine account entry
- delete the Kerberos realm

And reauthenticate..

This is exhausting, any idea?

It seems I'm not alone there:

Task "renew kerberos ticket" hangs since the update.

Hello Immediately after the update to 22.12.1, this error message popped up: Critical Failed to check for alert ActiveDirectoryDomainHealth: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/middlewared/plugins/alert.py", line 776, in __run_source alerts = (await...

www.truenas.com

 

[Patrick M. Hausen]

Sorry, not me. All CORE in production, here.