NAC / Access Control shows Failed to Join Domain with a NT_STATUS_CONNECTION_RESET in the tag.log

Symptoms
802.1X users are not able to authenticate.
The logs show an NT_STATUS_CONNECTION_RESET error and the controller fails to join the domain.
 
2016-10-13 15:55:30,163 ERROR [SambaInstallationManager] Failed to join domain: "XXXXX.XXX.EDU" for user: "nacproxy" with error code: 1
        ADS join did not work, falling back to RPC...
        Unable to find a suitable server for domain XXXXX
        Unable to find a suitable server for domain XXXXX
        Failed to join domain: failed to lookup DC info for domain 'XXXXX.XXX.EDU' over rpc: NT_STATUS_CONNECTION_RESET

A trace will show a TCP reset when attempting to connect to Samba.

Further breakdown of the packet shows it requesting which LM and NTLM versions it can handshake on.
Environment
  • Windows Server 2012R2
  • NAC
  • Access Control Engine
Cause
The server has been set to talk with SMBv2 only. A trace from the server will confirm that it is communicating with other devices using only SMBv2 as the protocol.
Resolution
For resolution, please follow the steps provided by Microsoft to address this.
https://support.microsoft.com/en-us/kb/2976994

 
Additional notes
The tag.log is located on the NAC / Access Control appliance under the /var/log directory.
The command nacctl restart && tail -f tag.log will display the connection to the LDAP server. You will need to press Ctrl-C when "NAC ENGINE STARTED" appears in the log.
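
To find this failure in an existing tag.log rather than watching tail -f, the shell function below groups each "Failed to join domain" entry with its indented continuation lines and reports the domain, user and NT_STATUS code. It is an added example, not vendor code; the function names and the sample log lines (modelled on the excerpt above) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the tag.log layout shown in this article (not real log data).
sample_tag_log() {
cat <<'EOF'
2016-10-13 15:54:02,101 INFO [SambaInstallationManager] Attempting to join domain
2016-10-13 15:55:30,163 ERROR [SambaInstallationManager] Failed to join domain: "EXAMPLE.TEST" for user: "nacproxy" with error code: 1
        ADS join did not work, falling back to RPC...
        Unable to find a suitable server for domain EXAMPLE
        Failed to join domain: failed to lookup DC info for domain 'EXAMPLE.TEST' over rpc: NT_STATUS_CONNECTION_RESET
2016-10-13 15:56:10,000 INFO [Engine] NAC ENGINE STARTED
EOF
}

# Print one line per failed join:
#   <date> <time> domain=<d> user=<u> status=<NT_STATUS code or UNKNOWN>
# Reads the named file(s), or stdin when none is given,
# e.g. join_failures /var/log/tag.log
join_failures() {
  awk '
    function emit() {
      if (inrec) printf "%s domain=%s user=%s status=%s\n", ts, dom, usr, (st == "" ? "UNKNOWN" : st)
      inrec = 0
    }
    # A new timestamped record closes any entry being collected.
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
      emit()
      if ($0 ~ /ERROR \[SambaInstallationManager\] Failed to join domain:/) {
        inrec = 1; st = ""
        ts = $1 " " $2
        split($0, q, "\"")   # q[2] is the domain, q[4] is the user
        dom = q[2]; usr = q[4]
      }
      next
    }
    # Indented continuation lines carry the NT_STATUS code.
    inrec && match($0, /NT_STATUS_[A-Z_]+/) { st = substr($0, RSTART, RLENGTH) }
    END { emit() }
  ' "$@"
}

sample_tag_log | join_failures
```

A status of NT_STATUS_CONNECTION_RESET alongside the "falling back to RPC" lines matches the symptom described in this article; other status codes point to a different cause.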
 
