Sophos AD SSO NTLM Channel failed

Cannot establish NTLM authentication channel

 
Is there a way to resolve this
 
I have followed this guide and used a domain admin account. It resolves dns and creates the computer object in both of my domains.
 
 
I have looked at the logs 
 
winbindd version 4.7.4 started.
Copyright Andrew Tridgell and the Samba Team 1992-2017
initialize_winbindd_cache: clearing cache and re-creating with version number 2
Could not fetch our SID - did we join?
unable to initialize domain listJul 30 16:34:23.077201 [nasm] executing '/oss/net'
dos charset 'CP850' unavailable - using ASCII
Failed to join domain: Failed to set machine spn: Constraint violation
Do you have sufficient permissions to create machine accounts?
Jul 30 16:34:23.795542 [nasm] '/oss/net' exited with invalid status '255'
Jul 30 16:34:23.795559 [nasm] net_ads_join (done)
Jul 30 16:34:23.795587 [nasm] pre_channel (done)
Jul 30 16:34:23.795602 [nasm] throwing logs on garner
 
 
  • Hi  

    Thanks for the information and logs. As per information you have already used domain admin account but still it gives below error:

    Failed to join domain: Failed to set machine spn: Constraint violation

    Above indicates either the account that is used does not have the permissions to set an object SPN on the domain or the SPN already exists in.

    Below logs will be help to narrow-down the issue further.

    1) nasm.log (service -ds nosync nasm:debug)

    2) awarrenhttp.log (service -ds nosync awarrenhttp:debug)

    Note: The same command will rever the service status to normal from debug.

  • In reply to Vishal_R:

    Hi Vishal_R

    I have private messaged you