Symantec Web Gateway Authentication setup fails with the error "NT_STATUS_CANT_ACCESS_DOMAIN_INFO Unable to join domain"

book

Article ID: 156174

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

When setting up an LDAP source in the Authentication settings of the Symantec Web Gateway and selecting one of the "Test" options, you receive the following error message:

"We're sorry, but an error occurred while contacting the domain controller: 255 get_schannel_session_key: could not fetch trust account password for domain 'Hostname' net_rpc_join_ok: failed to get schannel session key from server exampledomain.com for domain domain. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Unable to join domain ADTA."

This error happens when you have enabled NTLM Authentication.

Cause

This issue has been reported when the "Default Realm" defined in the NTLM Authentication settings section is incorrectly set.

Resolution

Check that the "Default Realm" is correctly set as per your deployment.

You must use the pre-Windows 2000 name specified in your Active Directory as your Default Realm. You can find the pre-Windows 2000 name on your configured Domain Controller, by going to "Active Directory Domains and Trusts", then right clicking on the Domain Name and selecting "Properties".

If the Default Realm is matching the pre-Windows 2000 name and you continue to see this error (with the Default Realm being only a partial domain name), it may be required to define a DNS suffix in the Administration > Configuration > Network page of the Web Gateway.