If you find that you are no longer able to Join or Rejoin the SteelHead Appliance to the Active Directory Domain, the most likely reason is the installation of Microsoft patches released on January 11th, 2022 (or after).
Beginning with the January 2022 patch cycle, Microsoft no longer permits the SteelHead appliances for joining AD Domains as Read-Only Domain Controllers (RODC's). A detailed explanation of the issue may be found at this link: https://supportkb.riverbed.com/support/index?page=content&id=S35726.
To correct this issue, the following steps will need to be followed:
- Upgrade the SteelHead appliances to RiOS version 9.12.2b or later.
- Select one of the two Domain Join Modes listed below.
- Kerberos Authentication (Formerly Workstation) Mode:
- NTLM Authentication (Formerly Windows 2003 or BDC) Mode:
Please note that choosing which mode to use can be complex and depends on each environment. For assistance with selecting the best mode or with correcting this issue, please open a ticket with Teneo Support.
Additional information regarding Domain Join Best Practices and Domain Join Methodologies made be found at these links:
- Best Practices and check-list for Windows Domain join and DC communication
- How to rejoin the domain in WORKSTATION mode
- How to rejoin the domain in BDC mode
Please sign in to leave a comment.