Problems with Multi Domain / Parent - Child AD Domain Issues

Issue:

The customer has an MS AD Parent / Child setup, and webNetwork is having many problems creating objects in webAdmin. When a wizard is used to create a webApp, at the end the Host, Link and User cannot be modified.
 

Resolution:

This was verified by going to the webNetwork server's 8090 management console and turning on the following debugs:
com.stoneware.service.directorymanager
com.stoneware.service.public.admin.createlink
com.stoneware.service.public.admin.createobject
com.stoneware.service.public.admin.modifyattribute

When things are working fine, viewing the debug after the wizard has been used shows the following:
DEBUG (09/11) 14:35:45 [com.stoneware.service.public.Admin.createObject]: cn=test4-webapp,ou=stoneware,dc=example-cloud,dc=com was created on: dc1.example-cloud.com
DEBUG (09/11) 14:35:45 [com.stoneware.service.public.Admin.createObject]: cn=test4-host,ou=stoneware,dc=example-cloud,dc=com was created on: dc1.example-cloud.com
DEBUG (09/11) 14:35:45 [com.stoneware.service.public.Admin.createLink]: cn=test4-link,ou=applications,ou=stoneware,dc=example-cloud,dc=com was created on: dc1.example-cloud.com
DEBUG (09/11) 14:35:45 [com.stoneware.service.DirectoryManager]: cn=test4-webapp,OU=Stoneware,dc=example-cloud,dc=com> was created on server: dc1.example-cloud.com

When things are not working, the wrong DNS name will be shown for "was created on: xxx.example-cloud.com".
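
The check described above can be scripted. The following is an added example, not Stoneware code: it scans debug lines in the format shown above and reports every object that was created on a server other than the expected DC. The sample lines are constructed, and dc2.child.example-cloud.com is a hypothetical child-domain DC.

```python
import re

# Matches the "was created on" debug lines in the format shown above, from the
# Admin.createObject / Admin.createLink loggers ("created on:") and from
# DirectoryManager ("created on server:", DN followed by a stray ">").
CREATED_RE = re.compile(
    r"\[(?P<logger>[^\]]+)\]:\s*(?P<dn>.+?)>?\s+was created on(?: server)?:\s*"
    r"(?P<server>\S+)"
)


def find_misdirected_creates(lines, expected_dc):
    """Return (logger, dn, server) for each object created on a server
    other than expected_dc. DNS names are compared case-insensitively."""
    expected = expected_dc.rstrip(".").lower()
    findings = []
    for line in lines:
        match = CREATED_RE.search(line)
        if match is None:
            continue  # not a create-confirmation line
        server = match.group("server").rstrip(".").lower()
        if server != expected:
            findings.append((match.group("logger"), match.group("dn"), server))
    return findings


# Constructed sample in the page's log format. dc2.child.example-cloud.com is
# a hypothetical child-domain DC used to show the failure case.
SAMPLE_LOG = [
    "DEBUG (09/11) 14:40:02 [com.stoneware.service.public.Admin.createObject]: "
    "cn=test5-webapp,ou=stoneware,dc=example-cloud,dc=com was created on: dc1.example-cloud.com",
    "DEBUG (09/11) 14:40:02 [com.stoneware.service.public.Admin.createLink]: "
    "cn=test5-link,ou=applications,ou=stoneware,dc=example-cloud,dc=com was created on: dc2.child.example-cloud.com",
    "DEBUG (09/11) 14:40:02 [com.stoneware.service.DirectoryManager]: "
    "cn=test5-webapp,OU=Stoneware,dc=example-cloud,dc=com> was created on server: DC1.example-cloud.com",
]

if __name__ == "__main__":
    for logger, dn, server in find_misdirected_creates(SAMPLE_LOG, "dc1.example-cloud.com"):
        print(f"WRONG DC: {dn} created on {server} (logger {logger})")
```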


To fix this:
  1. Make sure that Multi Domain Support is enabled in the 8090 management console.
  2. Make sure the Search Scope and the Domain Tree Root match exactly.
  3. Make sure the DNS name / IP address is set to an IP address or DNS name of the DC in the top level of your tree.
  4. Make sure that a Global Catalog in the same part of the tree is used. Usually the GC is set to the same value as the DNS Name / IP address.
  5. Make sure that SSL is checked in the 8090 console. Microsoft requires that SSL be used for Multi Domains.
  6. Make sure that the DNS name / IP address resolves to the real machine name.
    ping -a 1.1.1.1 should equal the machine name of the DC.
  7. Make sure that the domain name (same as search scope) resolves to the IP address in Step 6.
    ping example-cloud.com should equal 1.1.1.1 from Step 6.
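
Steps 6 and 7 can be checked together with a short script. This is an added example, not part of the product: check_dc_dns is a hypothetical helper, and the resolver functions are parameters so the logic can be exercised without a live DNS server. It assumes the DC's machine name is supplied as a fully qualified name.

```python
import socket


def _norm(name):
    """Normalise a DNS name for comparison."""
    return name.rstrip(".").lower()


def check_dc_dns(dc_ip, dc_fqdn, domain,
                 reverse=socket.gethostbyaddr,
                 forward=socket.gethostbyname_ex):
    """Run the Step 6 and Step 7 checks. Returns a list of problem strings;
    an empty list means both checks passed."""
    problems = []

    # Step 6: the configured IP must reverse-resolve to the DC's real
    # machine name (the scripted form of "ping -a <ip>").
    try:
        name, aliases, _ = reverse(dc_ip)
        found = {_norm(n) for n in [name, *aliases]}
        if _norm(dc_fqdn) not in found:
            problems.append(
                f"step 6: {dc_ip} resolves to {sorted(found)}, expected {dc_fqdn}")
    except OSError as exc:  # socket.herror / socket.gaierror
        problems.append(f"step 6: reverse lookup of {dc_ip} failed: {exc}")

    # Step 7: the domain name (same as the search scope) must resolve to
    # the Step 6 address. Any other address is reported, because it may
    # belong to a different DC.
    try:
        _, _, addrs = forward(domain)
        if set(addrs) != {dc_ip}:
            problems.append(
                f"step 7: {domain} resolves to {sorted(addrs)}, expected only {dc_ip}")
    except OSError as exc:
        problems.append(f"step 7: lookup of {domain} failed: {exc}")

    return problems


if __name__ == "__main__":
    # Values taken from the steps above; replace with the real DC details.
    for problem in check_dc_dns("1.1.1.1", "dc1.example-cloud.com", "example-cloud.com"):
        print(problem)
```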