Unable to Re-Register UNAB Endpoint in Active Directory
search cancel

Unable to Re-Register UNAB Endpoint in Active Directory


Article ID: 254369


Updated On:


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager - Server Control (PAMSC)


When attempting to re-register a UNAB endpoint in Active Directory, the following error occurs.

Binding to Active Directory...
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL data security layer installed.
AD Schema version 87 (Windows Server 2016)
'unabendpoint01' will be used as the computer name for the endpoint in AD.
ERROR: The following object in AD has the same UserPrincipalName attribue as the endpoint. This is not allowed and will cause Kerberos errors:
ACTION: Please resolve the conflict in AD before attempting to register.


Unix Authentication Broker 12.8, 14.0, 14.1


When UNAB registers with Active Directory, it creates a computer object for the endpoint. If the server is rebuilt or there was an issue deregistering either during a reinstall or during troubleshooting, that object could be left in AD. If the computer object is there when UNAB attempts to register, the registration will fail with this error.


Verify that the object is not active and remove it from Active Directory, then run the register command again.