Share configuration in a multi domain forest environment

Question

Hi,

We have a multi-domain forest with a root domain and three child domains. Adaxes is currently installed in one of these child domain and i would like to deploy a new Adaxes server in another child domain. I created a new service account in that domain but i have trouble installing adaxes with the share configuration option.
I provide the credential of the default service account used for the first Adaxes server but i have the following error during the install :

Product: Softerra Adaxes 2011.3 -- Failed to install the service ADAM instance.
Active Directory Lightweight Directory Services could not create the NTDS Settings object for this Active Directory Lightweight Directory Services instance CN=NTDS Settings,CN=APHKGRES02$AdaxesBackend,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={3EF8BA34-68C3-4543-AD9D-21F6778140D6} on the remote AD LDS instance EUMSQRES10.eu.loi.net:48880. Ensure the provided network credentials have sufficient permissions.
Error code: 0x800706be
The remote procedure call failed.

I tried disabling the firewall without luck. I don't know where to check so if you have a clue.

Thanks in advance

Answer 1

Hello,

If you're sure that all ports are open, then this is likely to be a DNS issue.

Try using Telnet to access the computer where the Adaxes service is installed on port 135.

Comments

I tried several things :

I checked security event log and i have no blocked access.
I checked with adsiedit.msc the Adaxes LDS instance and i confirm that the problem arise o nthe NTDS Settings object. The installer create the CN=SERVERNAME$AdaxesBackend object but fails on creating the child NTDS Settings.
I tried to add SERVERNAME$ to Administrators role in LDS with no luck.

It becomes very difficult to delay the installation.

Thanks for your help.

---

Please launch the repadmin.exe tool on the computer where want to install the second instance of Adaxes service, and post the output here.

repadmin.exe /bind EUMSQRES10.eu.loi.net:48880 /u:domain\adaxesadmin /pw:secret

---

You point me to the right direction with the repadmin command.
Actually i checked RPC with RPCping, which was ok, but it seems that the test is not accurate enough.
Repadmin failed and that leads me to the following conclusion : that might be a network related problem.
Actually, we are using Cisco ASA firewall on each of our sites, and we had trouble sometimes ago with RPC. I asked to my network team to check that and they finally find an inspact map that was blocking RPC trafic.

It's working ok now.

Thanks for your help

---

That's great!

---

... and that's a great relief for our QA team ;)