Network and Storage Protocols

CIFS setup / AD authentication - KDC rejects requests error

druddle00
9,931 Views

Hello

I have a FAS3140 and am trying to register it with an MS2003 AD domain.  The filer has NTP set up to sync with the AD controller, so the time is the same.  When I run cifs setup, when you get to register the domain controllers, by entering the domain admin user/password it says “Could not authenticate with the domain controller.  KDC policy rejects request”.  The customer is not using RSA Secure ID, but is using Vasco Vacman Middleware, which does the same thing as the RSA Secure ID.  This cant be removed from the DC.

There is a solution ID KB11166 which describes this error but using RSA Secure ID.  We have also tried using cifs prefdc and pointing it at another domain controller and we get the same error.  There are no errors in the Windows event log on the DC.

Anyone have any ideas ?


Dave

1 ACCEPTED SOLUTION

roman_verysell
9,931 Views

At first, check twice your timezones into AD domain and filer.

Pay attention: TZ:GMT+1 and, for example, TZ:Europe/Berlin is the same in times, but different for AD controller.

You need to set _same_ timezones for AD and filer, not only NTP sync.

View solution in original post

2 REPLIES 2

roman_verysell
9,932 Views

At first, check twice your timezones into AD domain and filer.

Pay attention: TZ:GMT+1 and, for example, TZ:Europe/Berlin is the same in times, but different for AD controller.

You need to set _same_ timezones for AD and filer, not only NTP sync.

druddle00
9,931 Views

Hi Roman

The DC was set to GMT and the filer was set to Europe/London.  So I changed the filer to GMT and rerun cifs setup and it completed with no errors.

That is very strange !!

Dave

Public