Tips and troubleshooting for joining the BlackArmor NAS to an Active Directory domain
This article covers joining the BlackArmor to a domain using the BlackArmor Manager and resolving possible errors. In regards to our BlackArmor drive, Active Directory (AD) is used to authenticate users to access shares on the BlackArmor. This allows all the username and password information to be stored by the AD server, and not stored on the BlackArmor. The BlackArmor must first join the domain before it can participate. (Click here to be directed to Errors when attempting to join a domain.)
Accessing BlackArmor Manager and changing the Workgroup settings
To use the BlackArmor Discovery software:
Open the BlackArmor Discovery software.
Select the BlackArmor NAS from the list of Drives.
(Windows only) Click View Drive Details.
Click on Manage.
Using a web browser.
Enter the IP address into the Address field.
Once logged in, select Network, then Workgroup.
On the Workgroup page, select the Domain Member option.
Description of Fields
Domain Name - the full name of the domain. Typically it will be similar to the DNS domain name.
Domain NetBIOS Name - the short name of the domain. It is also the name as would be used in the NT Domain system. It is almost always the first part of the full domain name.
Domain Controller IP Address - the IP address of an AD domain controller of the domain we are joining. It does not accept hostnames/DNS.
Administrator - User on the domain with privileges to add a computer to the domain
There are many groups that may have the rights to add the computer. This is determined by site policy (Group Policy). Typically a user who is a member of Domain Admins, Enterprise Admins, or Administrator group is required.
For more information, see this Microsoft Technet article.
Password of the Administrator user
Successfully joining the Domain
Screen will go to a “Processing” page.
Then if the action was successful, a message of "'DOMAIN.NAME' domain joined successfully!" will be displayed.
Now we will discuss various Errors when attempting to join a domain.
NET_ERROR: Join ADS failed
Error message: “Failed to join domain! [NET_ERROR: Join ADS failed]”
This can indicate one of several errors.
Cause: The Domain Name was incorrect.
Solution: Verify Domain Name.
Cause: Incorrect Administrator user. The user is a valid domain user, but not part of the Domain Admins group.
Solution: Verify that the user is part of the Domain Admins or Administrator groups.
KINIT_ERROR: 'unable to reach any KDC in DOMAIN.NAME'
Error: Failed to join domain! [KINIT_ERROR: 'unable to reach any KDC in DOMAIN.NAME']
This means the Domain Controller IP Address is incorrect.
Solution: Correct the IP address of the domain controller.
KINIT_ERROR: 'Preauthentication failed'
Error: Failed to join domain! [KINIT_ERROR: 'Preauthentication failed']
This indicates the Administrator username and/or password is incorrect.
Solution: Enter the username and password again.
KINIT_ERROR: 'Clock skew too great'
Error: Failed to join domain! [KINIT_ERROR: 'Clock skew too great']
This indicates that the time set on the BlackArmor is more than 5 minutes different than the time on the Domain Controller.
Solution: Synchronize the clocks on the BlackArmor and the Domain controller. One way to do this is to set the NTP server to the Domain Controller. The NTP server can be set on the General Setup page under System.
NET_ERROR: No logon servers available to service the logon request
Error message: Failed to join domain. [NET_ERROR: No logon servers available to service the logon request]
Incorrect domain name. The Domain controller contacted doesn't control the full Domain Name entered. Either the user mistyped the "Domain Name" or they entered the wrong domain name.
Solution: Verify Domain Name and Domain Controller IP address.