We have 5 IC/UAC servers that have been in production for a month or so... Just last week, two of them started losing their connection to AD and we would have to "Reset Join" for them to respond to authentication. The other three servers are just fine... One of the servers with a problem is in an Active/Passive cluster with another appliance in the same data center, and the secondary box is just fine...
Anyone seen that before?
I understand the issue. We may need to look into the IC event logs and a TCP dump taken from both the nodes in the cluster to identify the possible cause. It is also important to know in which version this issue is seen.
We may also need to say if there are any external factors causing this issue. I recommend that you open a case with Juniper TAC on this with the above-mentioned information to identify the possible cause and fix for this issue.
I opened up a ticket, but we found the problem before TAC got back with anything...
Apparently the IC servers don't generate a random/unique "Computer" name if you leave it at the default when setting up the AD connector.
Two of our servers automatically generated the same Computer name, so each one kept resetting the AD credentials and locking the other one out...
Once I changed one of them to a different name, both appliances seemed to behave normally...
Thanks for your update. I am glad that your issue was resolved by changing the computer name in the AD instance on one of the ICs in the cluster.
You can monitor the progress and revert for any issues.