Hi,
we have set up two more IPA environments. Today we tried to establish the trust to the AD domain but unfortunately we were not successful:
[root@pipag01 ~]# ipa trust-add --type=ad someaddomain.at --admin someadadmin --password Active Directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "3221225653", message "{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired." (both may be "None")
What might be the cause? Where should we take a closer look?
Cheers, Ronald
Hi,
On Fri, Jun 24, 2022 at 9:54 AM Ronald Wimmer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hi,
we have set up two more IPA environments. Today we tried to establish the trust to the AD domain but unfortunately we were not successful:
[root@pipag01 ~]# ipa trust-add --type=ad someaddomain.at --admin someadadmin --password Active Directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "3221225653", message "{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired." (both may be "None")
What might be the cause? Where should we take a closer look?
If you want to troubleshoot, the official doc has a brand new chapter explaining the sequence establishing a trust, and how to gather debug logs: Troubleshooting setting up a cross-forest trust [1]
The timeout error often happens when the firewall is blocking some of the ports required for AD-IdM communication. You can probably jump directly to this doc section: [2] Ports required for communication between IdM and AD
HTH, flo
[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm... [2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
Cheers,
Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On 24.06.22 10:06, Florence Blanc-Renaud wrote:
Hi,
On Fri, Jun 24, 2022 at 9:54 AM Ronald Wimmer via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hi,
we have set up two more IPA environments. Today we tried to establish the trust to the AD domain but unfortunately we were not successful:
[root@pipag01 ~]# ipa trust-add --type=ad someaddomain.at --admin someadadmin --password Active Directory domain administrator's password: ipa: ERROR: CIFS server communication error: code "3221225653", message "{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired." (both may be "None")
What might be the cause? Where should we take a closer look?
If you want to troubleshoot, the official doc has a brand new chapter explaining the sequence establishing a trust, and how to gather debug logs: Troubleshooting setting up a cross-forest trust [1]
Thanks. I will go through that!
The timeout error often happens when the firewall is blocking some of the ports required for AD-IdM communication. You can probably jump directly to this doc section: [2] Ports required for communication between IdM and AD
We could already confirm that there have to be some firewall issues. I will sort that out.
Cheers, Ronald
freeipa-users@lists.fedorahosted.org