Error: CentrifyDC is in disconnected mode.

Centrify Disconnect Error

How to Fix CentrifyDC is in disconnected mode

Centrify is a single sign on solution for Linux, if CentrifyDC is disconnected and cache is flushed you will no longer be able to login.

Confirm that services are running

/etc/init.d/centrifydc status
/etc/init.d/centrify-sshd status
/etc/init.d/centrify-kcm status

If any of the services is off start it by using '/etc/init.d/centrifydc restart'

 

Check CentrifyDC Status Command

adinfo

Output:

Local host name: servername
Joined to domain: domain.name
Joined as: hostname.domain
Pre-win2K name: oldername
Current DC: dc
Preferred site: info
Zone: info
CentrifyDC mode: disconnected
Licensed Features: Enabled

Above example shows that Centrify is disconnected, be sure not to flush or delete cache using 'adflush'

Check AD Connectivity

adinfo -T

Output should show 'good' in front of the protocols.

Confirm connectivity

Find server

adinfo --server

Try to ping the server inside 'Joined to domain:' in adinfo output to be sure that it's replying and you can reach it.

 

Debug CentrifyDC Log

First i will enable debug and log mode

/usr/share/centrifydc/bin/addebug clear
/usr/share/centrifydc/bin/addebug on

Start debugging

adinfo --support

Disable back debug

 /usr/share/centrifydc/bin/addebug off

Now you can trace the problem by checking

/var/log/centrifydc.log
/var/centrify/tmp/stacktrace.txt
/var/centrify/tmp/adinfo_support.tar

Find 'error'  in the log and check root causes

Error: KDC refused skey: Preauthentication failed

This means you need to reset and add the password again by using any of the below commands

adkeytab -C

Or

adkeytab -r

Try to Rejoin the AD

You can always rejoin the AD by running below commands

adleave
adrjoin

 

 

 

 


Subscribe to
for video tutorials updates