9 Replies Latest reply on Mar 13, 2015 8:04 AM by addias

    Unable to Join Web gateway 7.5.0.3.0 to domain

    georgi_ar

      Hi,

       

      I am unable to to join my Web Gateway to my domain. (Domain is on Server 2012 R2 Functional level is on Windows 2012)

      Version of Web Gateway is 7.5.0.3.0

      This is a new fresh installation.

      I am receiving the below error:

      join.PNG

       

      Below are the errors that I can view in the mwg-core__Auth.debug.log

       

      [2015-01-21 14:54:20.866 +00:00] [8788] NTLM: Exception "socket error (errno: 104 - 'Connection reset by peer') during read operation on message socket 63" when reading data from DC 192.168.10.10 tmpBuf: 0 fBuf: 0 port: 43296

      [2015-01-21 15:17:25.595 +00:00] [8788] NTLM: Exception "socket error (errno: 104 - 'Connection reset by peer') during read operation on message socket 63" when reading data from DC 192.168.10.10 tmpBuf: 0 fBuf: 0 port: 43511

      [2015-01-21 15:17:31.538 +00:00] [8788] NTLM: Exception "socket error (errno: 104 - 'Connection reset by peer') during read operation on message socket 63" when reading data from DC 192.168.10.10 tmpBuf: 0 fBuf: 0 port: 43514

      [2015-01-21 16:47:13.853 +00:00] [8788] NTLM: Exception "socket error (errno: 104 - 'Connection reset by peer') during read operation on message socket 65" when reading data from DC 192.168.10.10 tmpBuf: 0 fBuf: 0 port: 44128

      [2015-01-21 16:48:26.629 +00:00] [8788] NTLM: Exception "socket error (errno: 104 - 'Connection reset by peer') during read operation on message socket 65" when reading data from DC 192.168.10.10 tmpBuf: 0 fBuf: 0 port: 44141

      [2015-01-21 16:48:58.150 +00:00] [8788] NTLM: Exception "socket error (errno: 104 - 'Connection reset by peer') during read operation on message socket 65" when reading data from DC 192.168.10.10 tmpBuf: 0 fBuf: 0 port: 44148

       

      Below is the TCP stream from Wireshark output from the DC. (Windows firewall is off on the DC)

      wire.PNG

      Any suggestions are appreciated.

        • 1. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
          vkleineh

          Hi,

           

          The MWG screenshot shows "Wrong credentials", so I recommend to double check the Administrator name and password.

          From the Tcpdump, you can see the DC is closing the connection with a reset. Please see the DC logs for the reason.

           

          - Volker

          • 2. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
            bjoernt

            Does the Computer Account for the MWG already exist in your AD? If that is so then you must enable the setting "Overwriting existing account" to join the domain. Here is another Thread to join in Domain:

            Integrate Web Gateway to Active Directory

            BR

            Bjoern

            • 3. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
              georgi_ar

              Credentials are correct.

              I've also tried with other Domain Administrator. Result is the same.

              MWG computer account does not exist in AD.Also tried with the "Overwriting existing account" selected, but same result.

               

              As Volker said, I also presume that something on the DC side is accepting the connection or something..

               

              Volker, could please let me know to which logs you are referring on the DC.

               

              Thank you.

              • 4. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
                vkleineh

                Hi,

                 

                Sorry but I have no experience with DC logs. I only see from the tcpdump that the DC is closing the connection after getting the MWG request. You also see this from the auth debug log. "Connection reset by peer" means the server closed the connection. The DC should show somewhere why it is not accepting the connection.

                 

                - Volker

                • 5. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
                  georgi_ar

                  Hi,

                   

                  Just wanted to give you a feedback and the final resolution/workaround.

                  Unfortunately I could not find the cause of the issue.

                  However it was residing at the DC.

                  I have a second DC (which was not primary) to which I managed to join the WebGateway.

                  To my knowledge they are all the same at configuration level (GPO, user accounts, firewall and so on). Maybe there was something else that I could not mange to find.

                  • 6. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
                    M Bagheryan M

                    It is normal to have error here because you wrote the IP instead of full Domain Controller Name.

                     

                    Do as it is shown in example below:

                    Domain.PNG

                    Check it.

                     

                    Enjoy.

                    M. B. M

                    • 7. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
                      georgi_ar

                      Hi M Bagheryan M,

                       

                      Thank you for your reply.

                      This is not the cause of the issue in my case as it was tested also with the FQDN.

                      The cause was residing in the DC itself, but could not manage to find what it was.

                      • 8. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
                        bjoernt

                        Are error in the Logs of the Domaincontroller?

                        • 9. Re: Unable to Join Web gateway 7.5.0.3.0 to domain
                          addias

                          I'm having the same problem mentioned above.

                           

                           

                          The following message appears in the log:

                           

                          [2015-03-09 01:23:51.006 -03:00] [12578] NTLM: Exception "timeout during read operation on message socket 61" when reading data from DC 10.41.1.46 tmpBuf: 0 fBuf: 0 port: 13425

                          [2015-03-09 01:23:53.262 -03:00] [12578] NTLM: Thread 0x7fbd3db36a50 Domain anp id 15 failed to reconnect to DC 10.41.1.46

                          [2015-03-09 01:23:53.262 -03:00] [3958] NTLM: Disconnected from DC 10.41.1.46 in domain anp

                          [2015-03-09 01:23:58.323 -03:00] [3958] NTLM: Connected to DC 10.41.1.46 in domain anp

                          [2015-03-09 03:36:50.610 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-09 07:36:50.433 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-09 10:26:05.540 -03:00] [12578] NTLM: Exception "timeout during read operation on message socket 63" when reading data from DC 10.41.1.46 tmpBuf: 0 fBuf: 0 port: 13826

                          [2015-03-09 10:26:06.726 -03:00] [12578] NTLM: Exception "timeout during read operation on message socket 63" when reading data from DC 10.41.1.46 tmpBuf: 0 fBuf: 0 port: 25137

                          [2015-03-09 10:26:06.771 -03:00] [12578] NTLM: Thread 0x7fbd3db36a50 Domain anp id 15 reconnected to DC 10.41.1.46

                          [2015-03-09 11:31:48.194 -03:00] [3958] NTLM: updated machine account password for domain anp

                          [2015-03-09 11:31:48.264 -03:00] [12578] NTLM: Thread 0x7fbd3db36a50 Domain anp id 15 - shutdown (2)

                          [2015-03-09 11:31:48.593 -03:00] [3958] NTLM: Connected to DC 10.41.1.46 in domain anp

                          [2015-03-09 11:31:48.612 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-09 15:31:48.493 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-09 15:50:25.324 -03:00] [11342] NTLM: Exception "timeout during read operation on message socket 131" when reading data from DC 10.41.1.46 tmpBuf: 0 fBuf: 0 port: 31056

                          [2015-03-09 15:50:27.414 -03:00] [3958] NTLM: Disconnected from DC 10.41.1.46 in domain anp

                          [2015-03-09 15:50:27.489 -03:00] [11342] NTLM: Thread 0x7fbd3db3ba30 Domain anp id 16 failed to reconnect to DC 10.41.1.46

                          [2015-03-09 15:50:32.483 -03:00] [3958] NTLM: Connected to DC 10.41.1.46 in domain anp

                          [2015-03-09 19:31:48.314 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-09 23:31:48.110 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-10 01:40:40.703 -03:00] [11342] NTLM: Exception "timeout during read operation on message socket 123" when reading data from DC 10.41.1.46 tmpBuf: 0 fBuf: 0 port: 58275

                          [2015-03-10 01:40:42.740 -03:00] [3958] NTLM: Disconnected from DC 10.41.1.46 in domain anp

                          [2015-03-10 01:40:42.759 -03:00] [11342] NTLM: Thread 0x7fbd3db3ba30 Domain anp id 16 failed to reconnect to DC 10.41.1.46

                          [2015-03-10 01:40:47.825 -03:00] [3958] NTLM: Connected to DC 10.41.1.46 in domain anp

                          [2015-03-10 03:31:47.888 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-10 07:31:47.725 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-10 10:28:38.578 -03:00] [11342] NTLM: Exception "timeout during read operation on message socket 71" when reading data from DC 10.41.1.46 tmpBuf: 0 fBuf: 0 port: 38955

                          [2015-03-10 10:28:40.695 -03:00] [3958] NTLM: Disconnected from DC 10.41.1.46 in domain anp

                          [2015-03-10 10:28:40.700 -03:00] [11342] NTLM: Thread 0x7fbd3db3ba30 Domain anp id 16 failed to reconnect to DC 10.41.1.46

                          [2015-03-10 10:28:45.791 -03:00] [3958] NTLM: Connected to DC 10.41.1.46 in domain anp

                          [2015-03-10 11:31:47.579 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                          [2015-03-10 14:58:07.708 -03:00] [3958] NTLM: Updated account definition for domain anp

                          [2015-03-10 14:58:07.838 -03:00] [11342] NTLM: Thread 0x7fbd3db3ba30 Domain anp id 16 - shutdown (2)

                          [2015-03-10 14:58:08.005 -03:00] [3958] NTLM: Connected to DC 10.41.1.125 in domain anp

                          [2015-03-10 14:58:08.045 -03:00] [3958] NTLM: Updated list of trusted domains for domain anp

                           

                           

                          Any idea what may be causing this problem of communication?

                           

                           

                          the problem is in DC or the Web Gateway?