I have a failed test configuration with the AD server, but I can use an AD user account to log in, although the admin credential is correct and time is in sync with AD. Do you all know what the root cause is? One more question: do I need to create an account in the AD server, or will it auto-detect and join? What do I need to do for the container name?
Error while joining domain PSDC. Possible causes:
- The specified administrator credentials do not properly authenticate.
- The specified domain or domain controller may not be valid.
Also, the device's clock must be in sync with the Active Directory server.
The problem could be that you have done this:
but the domain needs to be "TEST"
Also try the below KB to see if it helps:
I tried following your link and configured it as in the example, but the test configuration still fails. My Windows server is 2008R2. But now my AD users can log in to the SSL VPN with their AD accounts. Does the failed test configuration not affect real live AD authentication?
admin account= [email protected]
Based on the role mapping rules, the user may or may not be able to get mapped to a role.
If the role mapping is based on username, role mapping will work and the user will be signed in.
However, if the role mapping is configured for groups, in that case role mapping would fail and the user will not be able to log in.
You have to fix the AD-related error under the auth server configuration
and, as per the previous update, for the admin account just use the sAMAccountName, i.e.
When configuring the primary and backup servers, use their fully qualified domain names instead of the IP addresses, and check if that helps.
Yes, it is possible for the test configuration to fail but still be able to complete login successfully. Using that style of admin credential can cause configuration testing failure. Are you using role mapping based on group membership or usernames?
One thing you can easily verify to see if your admin account used in SA setup is good is to look in the computer OU of your AD to see if the SA managed to register itself in it.
The default name is a combination of random letters, and can be seen in the SA AD configuration page, below in the advanced settings.
I totally agree with your point of view "SA has to be successfully in Computer OU of AD".
Domain name should be the NetBIOS name, not the FQDN.
The AD admin user or service account should have full access to join the domain.