0 votes

Hi,

We have a multi-domain forest with a root domain and three child domains. Adaxes is currently installed in one of these child domains and I would like to deploy a new Adaxes server in another child domain. I created a new service account in that domain but I have trouble installing Adaxes with the share configuration option.
I provide the credentials of the default service account used for the first Adaxes server but I have the following error during the install:

Product: Softerra Adaxes 2011.3 -- Failed to install the service ADAM instance.
Active Directory Lightweight Directory Services could not create the NTDS Settings object for this Active Directory Lightweight Directory Services instance CN=NTDS Settings,CN=APHKGRES02$AdaxesBackend,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={3EF8BA34-68C3-4543-AD9D-21F6778140D6} on the remote AD LDS instance EUMSQRES10.eu.loi.net:48880. Ensure the provided network credentials have sufficient permissions.
Error code: 0x800706be
The remote procedure call failed.

I tried disabling the firewall without luck. I don't know where to check so if you have a clue.

Thanks in advance

by (800 points)

1 Answer

0 votes
by (18.0k points)

Hello,

If you're sure that all ports are open, then this is likely to be a DNS issue.

Try using Telnet to access the computer where the Adaxes service is installed on port 135.

0

I tried several things:

I checked the security event log and I have no blocked access.
I checked the Adaxes LDS instance with adsiedit.msc and I confirm that the problem arises on the NTDS Settings object. The installer creates the CN=SERVERNAME$AdaxesBackend object but fails on creating the child NTDS Settings.
I tried to add SERVERNAME$ to Administrators role in LDS with no luck.

It becomes very difficult to delay the installation.

Thanks for your help.

0

Please launch the repadmin.exe tool on the computer where you want to install the second instance of the Adaxes service, and post the output here.

repadmin.exe /bind EUMSQRES10.eu.loi.net:48880 /u:domain\adaxesadmin /pw:secret

0

You pointed me in the right direction with the repadmin command.
Actually I checked RPC with RPCping, which was OK, but it seems that the test is not accurate enough.
Repadmin failed and that led me to the following conclusion: that might be a network-related problem.
Actually, we are using a Cisco ASA firewall on each of our sites, and we had trouble some time ago with RPC. I asked my network team to check that and they finally found an inspect map that was blocking RPC traffic.

It's working ok now.

Thanks for your help

0

That's great!

0

... and that's a great relief for our QA team ;)
