Cisco Cisco Web Security Appliance S360 Troubleshooting Guide
Why do I get the "Failed to pre−create the machine
object" error when joining the domain?
object" error when joining the domain?
Document ID: 118221
Contributed by Kei Ozaki and Siddharth Rajpathak, Cisco TAC
Engineers.
Aug 12, 2014
Engineers.
Aug 12, 2014
Contents
Question
Symptoms
Symptoms
Question
Why do I get the "Failed to pre−create the machine object" error when joining the domain?
Symptoms
Unable to join the AD domain on the Cisco Web Security appliance (WSA).
Seeing any of following errors when joining the domain:
Failure: Error while joining WSA onto server 'ad.local' :
•
Failed to pre−create the machine object in OU createcomputer=Computers.
•
Failed to join domain: Operations error
•
Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The
information is provided as a courtesy for your convenience. For further assistance, please contact the software
vendor.
information is provided as a courtesy for your convenience. For further assistance, please contact the software
vendor.
The error mesage typically happens when the account used to join the domain does not require "Kerberoes
Preauthentication".
Preauthentication".
This article assumes that the below conditions are already met:
The account used to join the domain has "Domain administrator" privileges.
1.
Correct credentials are being used while joining the domain.
2.
The active directory server is able to resolve all the WSA hostnames (interface hostnames and redirect
hostname).
hostname).
3.
Please follow the instructions below and enable "Kerberoes Preauthentication" for the concerned account.
Navigate under "Administrative Tools".
1.
Choose "Active directory Users and Computers".
2.
Locate the user in question, right−click, and select "Properties".
3.
Click the "Account" tab.
4.
Locate "Do not require Kerberos preauthentication" under the "Account options" section.
5.
Make sure this option is NOT checked.
6.