Solutions

When joining a Windows Domain with the ProxySG I am required to use Administrator account.

Solutions ID:    KB4863
Version:    2.0
Status:    Published
Published date:    01/13/2012
Updated:    01/17/2012
 

Problem Description

As per the documentation Blue Coat recommends the use of Administrator account to join the SG to a Windows domain. It is possible however to join the domain using a workaround without using an Administrator account. Blue Coat Engineering is investigating the ability for a normal user account to be utilized without using workarounds.

The reason the failure occurs when using a normal user account is because the SG is trying to set Delegation on the computer object after it is created in the AD tree. A normal user is not able to set Delegation and the error you see is:

ERROR_PRIVILEGE_NOT_HELD

In the eventlog you will find:

[LsaSrvProviderIoControl() /home/service-releng/p4/scorpius/sg_6_3/src/security/likewise/lsass/server/api/provider.c:112] Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 1314, symbol = ERROR_PRIVILEGE_NOT_HELD, client pid = 0"  0 250034:1   sg_syslog.cpp:78

Resolution

 To work around this problem you must do the following:

1) Use the Administrator account as per the documentation. This negates the problem and you will not see the error at all.

2) If you have already received the error you can login to your Active Directory Server and browse to the Computer object created for the ProxySG. Right click on that object and select Properties, and then Delegation.  Change the radio button to the "Trust this computer for delegation to any service" option and click apply. Return to your proxy SG and login again using the same user credentials you tried previously that failed. You should find that this time the join works.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question