RTFP - read this friendly post
In the base setup you are specifying a domain, for which you enter the DCs serving this single domain.
In the input field Configured Domain Controllers, specify one or more domain controllers. This should be done by typing their dns names.
IP addresses may also be used here, but this could in some cases lead to problems with correctly assigning users to their domains. This means that a user would have to submit a domain name together with the usual credentials in order to be authenticated.
When specifying more than one controller, separate entries by commas. Note also that any host name you specify here must be resolvable.
Note, furthermore, that McAfee Web Gateway will connect only to one domain controller at a time. If more than one controller is configured, McAfee Web Gateway will try to connect to the first in the list, and in case this one is down, go through the list retrying until a connection has been established successfully.
Alternatively in case MWG is using a DNS infrastructure which is based on Windows Domains, you can leave the filed die DCs blank and just let MWG read the SRV records in DNS (it tries that when the DC field is blank)
I tried to remove the currently configured domain controllers and I got a "HandleGUIRequest: too few parameters..." on the semi-production proxy
So I tried recreating the domain join on a test machine and it does not allow me to have null for configured Domain Controllers either giving me "java.lan.NullPointerException" when I try to save. My AD admin would prefer for the proxy to use SRV records to get the Domain Controllers to contact as opposed to hardcoded list. Would you perhaps know how to setup AD membership without putting the Configured Domain Controllers in the comma separated list?
I don't enter my DCs explicity and always use the SRV records on mine and it doesn't give me an error.
Make sure that your DNS server has proper forward and reverse entries so AD can lookup the gateway.
I also make sure my gateway has the search entry in resolv.conf so it can lookup host names in my domain too:
file editor -> /etc/resolv.conf
### BEGIN AUTOGENERATED CONFIG
### END AUTOGENERATED CONFIG
search domain.local domain.com
I would try removing / joining the domain again. Just use the Overwrite existing account checkmark.
Oh so in the McAfee Linux 1.0 we can adjust the conf files in the OS as long as it's outside the ### marks? That was confusing for me as I thought anything in those files was overwritten when the McAfee service started up. It looks like you put your resolv.conf settings outside the comments so it will survive a reboot?
It very well could be an issue with DNS as it's the test box in the test lab yadda yadda. The the other is now "prod" so I don't have the pwd to disjoin and rejoin, and have to wait till after hours and such. I'll keep messing around with it.