Security

  • 1.  ClearPass failed to join the domain

    Posted Aug 20, 2025 01:15 PM

    Hi,

    We have a problem with Aruba ClearPass when joining the domain:

    Adding host to AD domain...
    INFO - Fetched REALM 'ASTRAPAY.COM' from domain FQDN 'astrapay.com'
    INFO - Fetched the NETBIOS name 'ASTRAPAY'
    INFO - Creating domain directories for 'ASTRAPAY'
    INFO - Using Administrator as the ASTRAPAY's username
    Enter Administrator's password:
    connect_to_domain_password_server: unable to open the domain client
    session to machine astrapay.com. Flags[0x00000000] Error was : NT_STATUS_ACCESS_DENIED.
    Failed to join domain: failed to verify domain membership after
    joining: {Access Denied} A process has requested access to an object but has not been granted those access rights.
    INFO - Restoring smb configuration
    INFO - Deleting domain directories for 'ASTRAPAY'
    ERROR - ClearPass failed to join the domain ASTRAPAY.COM with domain
    controller as astrapay.com

    Join domain failed


    -------------------------------------------


  • 2.  RE: ClearPass failed to join the domain

    Posted Aug 20, 2025 01:37 PM

    Make sure to have the required ports opened between the ClearPass server and the domain controller. I often make a temporary opening on all ports, as the Active Directory ports are quite many.

    After the join I just keep the ports needed for user lookup and authentication. 

    Specify the domain controller FQDN, not just the domain. It works best according to my experience. Press tab after entering the FQDN, this will start a search for the NetBIOS name of the domain. Make sure the name is found.

    The user you use to join must have some special permissions. Not just join domain rights, it also needs modify rights on the newly created computer object.

    The easiest way is to utilise an account with Domain Admin privileges. If that's not possible, ask the AD administrator to delegate both domain join and edit permission on a computer account they create for the ClearPass server to the account you are using.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: ClearPass failed to join the domain

    Posted Aug 20, 2025 01:37 PM
    Hi,

    Check whether your account is a Domain Admin. Try joining the domain with the "administrator" account.





  • 4.  RE: ClearPass failed to join the domain

    Posted Aug 21, 2025 09:31 AM

    Make sure the password of the account used for the domain join does not include any of the disallowed characters.

    https://arubanetworking.hpe.com/techdocs/ClearPass/6.11/PolicyManager/Content/Deploy/Active%20Directory/Joining_AD_domain.htm



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------
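
An added example, not part of the thread and not ClearPass tooling: a Python triage helper that parses join output in the format shown in the first post and turns the replies' suggestions into a checklist. The function names and checklist wording are assumptions made for this example; the sample log is abridged from the first post.

```python
import re

# Abridged from the join output in the first post (line wrapping kept as posted).
SAMPLE = """\
INFO - Fetched REALM 'ASTRAPAY.COM' from domain FQDN 'astrapay.com'
INFO - Fetched the NETBIOS name 'ASTRAPAY'
INFO - Using Administrator as the ASTRAPAY's username
connect_to_domain_password_server: unable to open the domain client
session to machine astrapay.com. Flags[0x00000000] Error was : NT_STATUS_ACCESS_DENIED.
ERROR - ClearPass failed to join the domain ASTRAPAY.COM with domain
controller as astrapay.com
"""

def parse_join_log(text):
    """Extract the fields useful for triage from ClearPass join output."""
    flat = " ".join(text.split())  # undo line wrapping before matching

    def grab(pattern):
        m = re.search(pattern, flat)
        return m.group(1) if m else None

    return {
        "domain": grab(r"from domain FQDN '([^']+)'"),
        "netbios": grab(r"NETBIOS name '([^']+)'"),
        "user": grab(r"Using (\S+) as the"),
        "target": grab(r"session to machine (\S+?)\. Flags"),
        "status": grab(r"Error was : (NT_STATUS_\w+)"),
        "failed": "failed to join the domain" in flat,
    }

def checks_to_run(info):
    """Checklist built only from the suggestions given in the replies."""
    if not info["failed"]:
        return []
    todo = []
    target, domain = info["target"], info["domain"]
    if target and domain and target.lower() == domain.lower():
        # Reply 2: specify the domain controller FQDN, not just the domain.
        todo.append("join target is the bare domain name: enter a domain controller FQDN")
    if info["netbios"] is None:
        todo.append("NetBIOS name was not found: repeat the lookup before joining")
    todo.append("verify the required ports are open between ClearPass and the domain controller")
    todo.append("confirm the join account may join and modify the computer object")
    todo.append("check the join password against the documented disallowed characters")
    return todo

if __name__ == "__main__":
    for item in checks_to_run(parse_join_log(SAMPLE)):
        print("-", item)
```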