Senstar
Knowledge Base Article
Article Type: Troubleshooting
Product: Symphony
Product Version:
Component: Symphony Server
Device Brands:
Created: 4-Mar-2013 2:12:16 PM
Last Updated:

Troubleshooting SSO authentication with AES256 in a single domain

Issues

When cloning a PC:

  • Sometimes, when you clone a PC that was joined to a domain to create a second PC, the clone causes domain controller issues because its machine security ID is the same as the original's in the domain controller.
  • The PC may lose domain connection.

Solution

Ensure that each workstation has a unique machine ID in the Active Directory domain:

  1. Unjoin each PC/workstation from the domain.
  2. Give each PC a distinct name.
  3. Reboot each PC so that the settings take effect.
  4. On the domain controller, remove any machine accounts that may still be left for those PCs.
  5. Rejoin the PCs one by one, rebooting after each rejoin.

For future cloning operations, in order to prevent machine ID duplication issues, prior to cloning do one of the following:

  • Unjoin the PC from the domain and explicitly remove the machine account from the domain, if it's still there.

OR

  • Use the Microsoft Sysprep.exe tool on the PC that you are about to clone. This ensures that, when it starts for the first time, the clone receives a new SID (Security ID) from the OS for its own machine. The clone will not be seen in the domain by default and will have to be joined explicitly.

When changing AES256 settings:

Change the "protocols supported" setting on the domain policy side by adding protocols, not by removing them. Otherwise, the following might occur:

  • Two PCs were joined to the domain when AES-256 mode was not in place.
  • The domain policies then become more stringent (for example, they no longer support non-AES + AES, but AES-256 ONLY).

Consequently, the two PCs may lose their domain connection, and the domain will no longer recognize them.

Solution

You must unjoin them from the domain and rejoin them explicitly.
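
Before tightening the policy, it helps to know which machine accounts do not advertise AES-256. The following is an added example, not part of the original article or of Symphony: it decodes the Kerberos encryption-type bitmask held in the Active Directory `msDS-SupportedEncryptionTypes` attribute and lists the accounts without the AES-256 bit. The function name `Test-Aes256Readiness` and the sample computer names are hypothetical, and treating this attribute as the indicator for the scenario above is an assumption, since the article does not name it.

```powershell
# Added example. Kerberos encryption-type bits stored in msDS-SupportedEncryptionTypes.
[Flags()] enum KerbEncType {
    DES_CBC_CRC = 0x01
    DES_CBC_MD5 = 0x02
    RC4_HMAC    = 0x04
    AES128      = 0x08
    AES256      = 0x10
}

function Test-Aes256Readiness {
    # Hypothetical helper: accepts computer objects from the pipeline and
    # reports which encryption types each account advertises.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Computer
    )
    process {
        # A missing attribute casts to 0, meaning no types were ever recorded.
        $raw  = [int]($Computer.'msDS-SupportedEncryptionTypes')
        # Keep only the five cipher bits; higher bits are feature flags.
        $bits = $raw -band 0x1F
        [pscustomobject]@{
            Name      = $Computer.Name
            Raw       = $raw
            EncTypes  = if ($bits) { "$([KerbEncType]$bits)" } else { '(not set)' }
            HasAes256 = [bool]($bits -band [int][KerbEncType]::AES256)
        }
    }
}

# Constructed sample data standing in for directory results.
$sample = @(
    [pscustomobject]@{ Name = 'WS-OLD-01'; 'msDS-SupportedEncryptionTypes' = 0x04 }
    [pscustomobject]@{ Name = 'WS-OLD-02'; 'msDS-SupportedEncryptionTypes' = $null }
    [pscustomobject]@{ Name = 'WS-NEW-01'; 'msDS-SupportedEncryptionTypes' = 0x1C }
)

# Accounts to review before moving the domain to AES-256 only.
$sample | Test-Aes256Readiness | Where-Object { -not $_.HasAes256 }

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties msDS-SupportedEncryptionTypes |
#     Test-Aes256Readiness | Where-Object { -not $_.HasAes256 }
```

Accounts listed by the final filter are the ones to check, and if necessary unjoin and rejoin, before non-AES protocols are removed from the policy.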
