I have a number of lightly used systems which periodically get locked out of Active Directory (I'm not certain of the cause, perhaps they're not changing their password quickly enough). Anyways, I was wondering if there's a way to unlock them using vastool and the keytab which created them (since it has access to that object in the OU).
The specific error I'm seeing is:
<<<<<
# vastool flush
Flushing auth cache: OK
Could not load caches- Authentication failed, error = VAS_ERR_NOT_FOUND: Not found
Caused by:
VAS_ERR_KRB5: Failed to obtain credentials. Keytab: , Client: IAE2-LZ$@ENT.X.CORP, Service: krbtgt/ENT.X.CORP@ENT.X.CORP
Caused by:
KRB5KDC_ERR_CLIENT_REVOKED (-1765328366): Clients credentials have been revoked
It appears that the computer object has not yet replicated to the Global Catalog.
vasd will stay in disconnected mode until this replication takes place.
You do not need to rejoin this computer.
>>>>>
An unjoin/rejoin does resolve the problem, as does unlocking them in AD via some Windows admin tools. However, I was hoping for a more graceful solution than unjoin/join which I can run from the command line.
Message was edited by: nicholas.andrade_123127335115