Problems with Multi Domain / Parent - Child AD Domain Issues

Problems with Multi Domain / Parent - Child AD Domain Issues

Issue:

The customer has an MS AD Parent / Child setup and webNetwork is having many problems creating objects in webAdmin. When a wizard is used to create a webApp and the end the Host, Link and User cannot be modified.
 

Resolution:

This was verified by going to webNetwork server 8090 management console and turning on the following debugs:
com.stoneware.service.directorymanager
com.stoneware.service.public.admin.createlink
com.stoneware.service.public.admin.createobject
com.stoneware.service.public.admin.modifyattribute

When things are working fine when the debug is viewed when the wizard was used, the following debug will be shown:
DEBUG (09/11) 14:35:45 [com.stoneware.service.public.Admin.createObject]: cn=test4-webapp,ou=stoneware,dc=example-cloud,dc=com was created on: dc1.example-cloud.com
DEBUG (09/11) 14:35:45 [com.stoneware.service.public.Admin.createObject]: cn=test4-host,ou=stoneware,dc=example-cloud,dc=com was created on: dc1.example-cloud.com
DEBUG (09/11) 14:35:45 [com.stoneware.service.public.Admin.createLink]: cn=test4-link,ou=applications,ou=stoneware,dc=example-cloud,dc=com was created on: dc1.example-cloud.com
DEBUG (09/11) 14:35:45 [com.stoneware.service.DirectoryManager]: cn=test4-webapp,OU=Stoneware,dc=example-cloud,dc=com> was created on server: dc1.example-cloud.com

When things are not working, the wrong DNS name will be shown for "was created on: xxx.example-cloud.com".


To fix this:
  1. Make sure that Multi Domain Support is enabled in the 8090 management console.
  2. Make sure the Search Scope and the Domain Tree Root match exactly.
  3. Make sure the DNS name / IP address is set to an IP address or DNS name of the DC in the top level of your tree.
  4. Make sure that a Global Catalog in the same part of the tree is used. Usually set the GC to the same as DNS Name / IP address.
  5. Make sure that SSL is checked in the 8090 console. Microsoft requires that SSL be used for Multi Domains.
  6. Make sure that the DNS name / IP address resolves to the real machine name.
    ping -a 1.1.1.1 should equal the machine name of the DC.
  7. Make sure that the domain name (same as search scope) resolves to the IP number in Step 6.
    ping example-cloud.com should equal 1.1.1.1 from Step 6.
 

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...

      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • Related Articles

      • Enable webNetwork to talk to AD Child domain

        To allow webNetwork to talk to a child domain in Microsoft Active Directory you will want to first make sure your child domain is up and running and that you have run DNSLINT to verify your Active directory DNS names and server communication. Next ...

      • Enable Multi-Domain Support

        If you use Active Directory and have multiple domains using a Parent Child configuration model AND your Check DNS Configuration is clean and has no errors then you can safely check this option. If it is not enabled and you have parent child domain ...

      • How do I set up SSL Certificates for MS AD Child Domains ?

        Certification Authority setup Parent/Child – Parent or root domain should contain the Enterprise root CA and the child domains would be Enterprise subordinate CA. You must be logged on as an enterprise administrator. Click Start, point to Programs, ...

      • Desktop Authentication known issues and recommendations

        Problem:  What are the known issues of using Desktop Authentication feature to automatically log users into the portal? Cause:  Desktop Authentication feature uses Windows Integrated Authentication (NTLMv1).  Most browsers do not support auto-login ...

      • How to troubleshoot high cpu on domain controller

        webNetwork uses LDAP to communicate with Microsoft Active Directory.  If your AD servers are underpowered you may see high cpu with the LSASS.exe process. The following information comes from Microsoft ( https://support.microsoft.com/en-us/kb/2550044 ...