Attempting to join a domain or log in as an AD user fails with the following error:
"KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm
Reason: unable to reach any KDC in realm <Domain Name>"
CAUSE 1:
There may be a problem with the DNS setup.
In the /etc/nsswitch.conf file:
passwd: files
group: files
hosts: files
The hosts entry does not include dns, so host names are resolved only from local files (see Resolution 1.1).
CAUSE 2:
Another possible problem is the firewall configuration. Make sure that all required ports are open to the domains (including the root domain).
RESOLUTION 1.1:
Edit the /etc/nsswitch.conf file:
passwd: files vas3
group: files vas3
hosts: files dns
RESOLUTION 1.2:
Edit the /etc/resolv.conf file:
Add your DNS server as a nameserver entry.
RESOLUTION 1.3:
Set the libvas use-tcp-only option to true:
/opt/quest/bin/vastool configure vas libvas use-tcp-only true
RESOLUTION 2:
Correct the firewall rules to open all required ports.
Please perform DNS troubleshooting:
Did you create a SRV record for the Unix machine in your DNS?
Can you ping the Unix client from the DC?
Can you ping the DC from the Unix machine?
Can you ping the domain?
nslookup -type=SRV _ldap._tcp.<domain>
nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>
nslookup <DC FQDN>
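The file checks from Resolutions 1.1 and 1.2 and the SRV lookups above, collected into one script. This is an added example, not One Identity code; the function names, the script layout and the extra _kerberos._tcp lookup are assumptions.

```shell
#!/bin/sh
# Added example (not One Identity code): resolver checks for KRB5_KDC_UNREACH.
# Usage: sh check_kdc_dns.sh <domain>   (script name is hypothetical)

# Succeeds if the "hosts:" line of an nsswitch.conf-style file lists dns.
hosts_uses_dns() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "dns") found = 1 }
         END { exit !found }' "$1"
}

# Prints each nameserver address in a resolv.conf-style file, one per line.
list_nameservers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Reports problems in both files; the return status is the number found.
check_resolver_config() {
    nss=$1 resolv=$2 problems=0
    if ! hosts_uses_dns "$nss"; then
        echo "FAIL: $nss: hosts line has no dns source (Resolution 1.1)"
        problems=$((problems + 1))
    fi
    if [ -z "$(list_nameservers "$resolv")" ]; then
        echo "FAIL: $resolv: no nameserver entry (Resolution 1.2)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Queries live DNS for the SRV names from the troubleshooting list.
# _kerberos._tcp is not in the article's list; it is added here as an assumption
# because it is the SRV name AD publishes for KDCs.
lookup_dc_records() {
    for name in "_ldap._tcp.$1" "_ldap._tcp.dc._msdcs.$1" "_kerberos._tcp.$1"; do
        echo "== SRV $name"
        nslookup -type=SRV "$name" || echo "FAIL: lookup of $name failed"
    done
}

# Run against the real system files only when a domain is given.
if [ $# -gt 0 ]; then
    check_resolver_config /etc/nsswitch.conf /etc/resolv.conf && echo "resolver config OK"
    lookup_dc_records "$1"
fi
```

An empty SRV answer with a clean resolver configuration points toward Cause 2 (firewall) or a missing record on the DNS server rather than the client files.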
If you are still having problems, open a case with Tech Support and send the output of the following commands, run from the client:
1. /opt/quest/bin/preflight <your domain.com> 2>&1 | tee /tmp/preflight
2. Please add -d5 to the join command and pipe the output of the command to a file, as shown below:
/opt/quest/bin/vastool -d5 -u <user> join <your domain> <add other options for your environment> 2>&1 | tee /tmp/vastooljoin_debug
3. /opt/quest/libexec/vas/scripts/vas_snapshot.sh
It will create a vas_snapshot.(machine-name).tar.gz file in your /tmp directory. Please send me the vas_snapshot.(machine-name).tar.gz file.
© 2025 One Identity LLC. ALL RIGHTS RESERVED.