Hi,

We recently started facing this error on all new servers that need to be integrated with AD using SSSD. Every time the “net ads join -k” command is issued, the following error is returned:

“Failed to join domain: failed to lookup DC info for domain X.Y.LOCAL' over rpc: NT_STATUS_CONNECTION_RESET”. [In the packet capture, we do see resets coming from the DC]

This is also happening on servers already connected with AD. Same error, although since they already have an established join, authentication continues to work. Also noticed that after doing “net ads keytab create”, the keytab file is no longer getting generated under /etc.

The AD team has recently disabled SMB V1 completely on the domain controllers. Could that be somehow causing this? I tried setting “client max protocol = SMB3” in smb.conf but that didn’t help.

[For "net ads keytab add" or "net ads keytab create" it now says:

Ignoring unknown parameter "client max protocol"]

How can I further troubleshoot this issue?

Thanks,


~ abhi