This content has been marked as final. Show 2 replies
Would probably need to see your VDI instance cacao log file to see why this is failing, but you might need to add the following to [libdefaults] section of your krb5.conf file, for 2008R2 AD server:
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
And then restart VDI services (/opt/SUNWvda/sbin/vda-service restart)
Note that VDI will actually try to query individual AD servers as defines as part of your AD Global Catalog when it tries to lookup AD domain data. This means you need to verify that your global calalog referenced servers are valid and having matching forward and reverse DNS information:
$ *nslookup -querytype=any gc.tcp.vdi.com.*
gc.tcp.vdi.com service = 0 100 3268 win2008.vdi.com*.
$ nslookup win2008.vdi.com.
r$ nslookup 192.168.1.100
188.8.131.52.in-addr.arpa name = win2008.vdi.com.*
You'd want to verify that every record returned by the *nslookup -querytype=any gc.tcp.yourdoamin.com* command refers to a server that can be reached and has matching forward and reverse DNS. Otherwise, this may trigger VDI to have failures or delays in performing directory queries.
Beyond that, you need to look in the cacao.log file for errors that you can find and post.
Edited by: DoesNotCompute on Oct 13, 2012 11:48 AM