Error 2691 add to domain ok

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

How could I create a small script in C to test this function ?

Do you have MS Visual Studio? With that you should be able to come up with a simple C# console app.

But maybe try PowerShell first. Not sure if that yields the same results really:

PS > $o = [System.Net.Dns]::GetHostAddresses("domain.tld")
PS > $o

Address            : 2014353xx
AddressFamily      : InterNetwork
ScopeId            :
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : 192.168.1.x

lebrun78

@sebastian-roth
Hello, thank you for your answer
Here is the result of this C# script:

// Main Method 
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.Linq;
using System.Net;
using System.Runtime.InteropServices;
//using Zazzles;
class test
{
    static public void Main(String[] args)
    {
        string idealDomain = "ur.local";
        Console.WriteLine("Main Method");
        var domain = Domain.GetComputerDomain();
        Console.WriteLine(domain);
        var currentIP = Dns.GetHostAddresses(domain.Name);
        Console.WriteLine(currentIP);
        var targetIP = Dns.GetHostAddresses(idealDomain);
        Console.WriteLine(targetIP);
        var result = currentIP.Intersect(targetIP).Any();
        Console.WriteLine(result);
    }
}

Exception levée : ‘System.Security.Authentication.AuthenticationException’ dans System.DirectoryServices.dll
Une exception non gérée du type ‘System.Security.Authentication.AuthenticationException’ s’est produite dans System.DirectoryServices.dll
User or password incorrect

Which user is used in the script ?

[admin07]: PS C:\Users\Administrateur\Documents>  $o = [System.Net.Dns]::GetHostAddresses("admin07")
[admin07]: PS C:\Users\Administrateur\Documents> $o


Address            :
AddressFamily      : InterNetworkV6
ScopeId            : 5
IsIPv6Multicast    : False
IsIPv6LinkLocal    : True
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : fe80::7164:xxxxxxxx:7d52%5

Address            : xxxx724
AddressFamily      : InterNetwork
ScopeId            :
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : xxx.xx.6.250

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

Une exception non gérée du type ‘System.Security.Authentication.AuthenticationException’ s’est produite dans System.DirectoryServices.dll
User or password incorrect

Did you run the test program as administrator?

The output of the PowerShell stuff on your machine seems interesting. Possibly this is pointing us to it being an issue with IPv6?

lebrun78

@sebastian-roth
Yes I ran this script as administrator. But administrator is not member of the AD domain.
I tried disabling IPv6.

[admin07]: PS C:\Users\Administrateur\Documents>  $o = [System.Net.Dns]::GetHostAddresses("admin07")
[admin07]: PS C:\Users\Administrateur\Documents> $o


Address            :
AddressFamily      : InterNetworkV6
ScopeId            : 0
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : ::1

Address            : xxxx724
AddressFamily      : InterNetwork
ScopeId            :
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : *.*.6.250

And with IPV6 disabled, I have error 2691

lebrun78

@sebastian-roth
I 've just run the script as a domain-admin.
domain as value ur.local (the ad domain name)
targetIP and targetIP contain the same address (the AD controler addresses )

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

targetIP and targetIP contain the same address (the AD controler addresses )

You mean currentIP and targetIP? What does it print for “result”?

Can you please try running the test tool as local SYSTEM account to see if it shows a different output than ran as AD admin. Download MS sysinternals tool PsExec and run psexec -s -i cmd.exe to get a command shell run as SYSTEM. Now start your script/tool here and compare the output to what you get running as AD admin.

lebrun78

@sebastian-roth
(currentIP.Intersect(targetIP).Any()) = true

Sebastian Roth

@lebrun78 Did you see this part of my post as well?

Can you please try running the test tool as local SYSTEM account to see if it shows a different output than ran as AD admin. Download MS sysinternals tool PsExec and run psexec -s -i cmd.exe to get a command shell run as SYSTEM. Now start your script/tool here and compare the output to what you get running as AD admin.

lebrun78

@sebastian-roth
Yes, I now unterdstand the problem, fog client is running with local\install account, not system.

We use install account for a long time to access samba share with snapin scripts. Have you example to access samba share with client running under system account ?

I have No error 2691 running fogservice with system account

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

Yes, I now unterdstand the problem, fog client is running with local\install account, not system.

Ahhhhhhh, there we go. One tiny bit of information that was still missing to solve this!

Have you example to access samba share with client running under system account ?

Just just a public readable share!?

lebrun78

@sebastian-roth
No actually, the share is only accessible to administrators.
I use a powershell script which mount with a samba share account the share and launch the installer.
but the script seems not working when run as system.
I’m investigating