Domain join fails if LDAP server requires Signing

Version 1

    Joining a domain fails if the domain policy "LDAP server signing requirements" is set to "Required Signing".

     

    ---Solution---

     

    The Snap server may not successfully join a domain configured with high security restrictions. One such security setting is the policy "LDAP server signing requirements". If the policy is defined as "Required Signing", the Snap server fails to join and returns this error:

     

    Failed to join the PDC server. Check network availability and PDC server status.

     

    To check whether the domain join failure is due to a policy rather than a communication failure, intentionally specify an incorrect password for the account used to join the domain. The error "Incorrect password and/or username" is returned along with the first message:

     

    Failed to join the PDC server. Check network availability and PDC server status.

    Incorrect password and/or username

     

    LDAP server signing is not supported by the Snap server at this time. In order to join the domain successfully, ensure the policy for the domain is set to none or not defined.

     

    NOTE: The Windows server requires a reboot for the setting to take effect.
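A more direct way to tell a signing policy from a credential or network problem is to attempt an unsigned LDAP bind against the domain controller and read the LDAP result code. This is an added example, not part of the original article or the Snap server software; it assumes the third-party ldap3 package, and the function names and command-line arguments are illustrative.

```python
"""Added example: check whether a domain controller rejects unsigned LDAP binds."""
import getpass
import sys

# LDAP result codes (RFC 4511) relevant to this diagnosis.
SUCCESS, STRONGER_AUTH_REQUIRED, INVALID_CREDENTIALS = 0, 8, 49


def classify(result_code):
    """Map the result of an unsigned simple bind to the likely cause of a failed join."""
    if result_code is None:
        return "communication failure: no LDAP response from the server"
    if result_code == STRONGER_AUTH_REQUIRED:
        return "policy: the server requires LDAP signing and rejected the unsigned bind"
    if result_code == INVALID_CREDENTIALS:
        return "credentials: incorrect password and/or username"
    if result_code == SUCCESS:
        return "unsigned bind accepted: LDAP signing is not required"
    return "other LDAP error (result code %d)" % result_code


def probe(host, user, password, timeout=5):
    """Attempt one simple bind on port 389 without TLS or signing.

    Returns the LDAP result code, or None if the server could not be reached.
    A simple bind on port 389 sends the password unencrypted, so use a
    dedicated test account (assumption: one is available in the domain).
    """
    # Imported here so classify() can be used without ldap3 installed.
    from ldap3 import Server, Connection, SIMPLE
    from ldap3.core.exceptions import LDAPException

    server = Server(host, port=389, use_ssl=False, connect_timeout=timeout)
    conn = Connection(server, user=user, password=password, authentication=SIMPLE)
    try:
        conn.bind()
        return conn.result["result"]
    except LDAPException:
        return None
    finally:
        if not conn.closed:
            conn.unbind()


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py <domain-controller> <user@domain>")
    code = probe(sys.argv[1], sys.argv[2], getpass.getpass())
    print(classify(code))
```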

     


     

     

     

     

     
