Debugging Windows Active Directory domain join issues
Wanted to share some things I learned while troubleshooting another domain join issue.
In my case, I upgraded my FAC HA LB cluster from 5.4.1 > 6.0.3 and afterwards the secondary/slave unit would not re-join 1 of my domains. The master re-joined all 4 properly, but the slave just would not rejoin a single domain for some reason.
The quickest way to fix an issue like this is probably to delete the stale machine account from the domain and re-join using a service account that has Domain Administrator privileges. Once the FAC has properly re-joined the domain, you can remove the Domain Administrator privileges from that account. The FAC creates the machine account itself, with all of the settings it expects the account to have; letting the FAC create the machine account is definitely the best approach, imho. (Strictly, a join only needs an account that is allowed to create computer objects in the target container; delegating that right to the service account instead of granting it Domain Admin keeps the account least-privilege, but Domain Admin is the quick path.)
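The AD-side half of that procedure, as an added example (this is not code from the original post or from Fortinet): a PowerShell script that removes the stale machine account, and a check you run after the re-join to confirm the FAC created a fresh object. It assumes the FAC's machine account is named FAC-SLAVE01, that the domain is corp.example, that you run it on a domain-joined admin workstation with the RSAT ActiveDirectory module, and that the join registers HOST/ SPNs as Samba-style joins typically do; all of those names are hypothetical.

```powershell
# Added example (not from the original post): clean up a stale FAC machine
# account, then verify the object the FAC creates when it re-joins.
# Assumed/hypothetical values: machine account FAC-SLAVE01, domain corp.example.
Import-Module ActiveDirectory

$FacName = 'FAC-SLAVE01'      # assumed machine account name
$Domain  = 'corp.example'     # assumed AD domain (used as -Server)

# 1. Find the stale computer object left behind by the failed re-join.
$old = Get-ADComputer -Server $Domain -Filter "Name -eq '$FacName'" `
         -Properties whenCreated, servicePrincipalName `
         -ErrorAction SilentlyContinue
if ($old) {
    "Found existing object {0}, created {1}" -f $old.DistinguishedName, $old.whenCreated
    # Remove-ADComputer refuses to delete an object that has child objects;
    # Remove-ADObject -Recursive handles both the plain and the nested case.
    Remove-ADObject -Server $Domain -Identity $old.DistinguishedName -Recursive -Confirm:$false
} else {
    "No existing object named $FacName; nothing to delete."
}
$cleanupTime = Get-Date   # anything created after this must have come from the re-join

# 2. Re-join the domain from the FAC GUI with the privileged service account,
#    then run this check to confirm the FAC built its own machine account.
function Test-FacMachineAccount {
    param([string]$Name, [string]$Server, [datetime]$After)
    $obj = Get-ADComputer -Server $Server -Filter "Name -eq '$Name'" `
             -Properties whenCreated, servicePrincipalName, PasswordLastSet, Enabled
    if (-not $obj) { return "FAIL: no computer object named $Name" }
    if ($obj.whenCreated -lt $After) { return "FAIL: object predates the cleanup, so the FAC did not create it" }
    if (-not $obj.Enabled) { return "FAIL: object is disabled" }
    # Assumption: the join registers HOST/<name> SPNs; treat their absence as a warning, not proof of failure.
    $hostSpn = $obj.servicePrincipalName | Where-Object { $_ -like "HOST/$Name*" }
    if (-not $hostSpn) { return "WARN: no HOST/ SPN registered; join may be incomplete" }
    return "OK: $($obj.DistinguishedName) created $($obj.whenCreated), password set $($obj.PasswordLastSet), SPNs: $($obj.servicePrincipalName -join ', ')"
}

Test-FacMachineAccount -Name $FacName -Server $Domain -After $cleanupTime
```

Run the first part, do the re-join on the FAC, then call Test-FacMachineAccount; a whenCreated earlier than the cleanup time means the FAC reused an old object rather than creating its own, which is exactly the state the manual deletion is meant to avoid.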
Debugging Active Directory domain issues
Obtain and apply the debug image from Fortinet TAC. This enables you to drop to the shell from a console session by typing 'shell':

> shell
bash-3.1#

We will use the command /bin/smbop to debug the domain join issues.

First, determine the ID value for the domain in question by using the 'list' argument.