Monitor DHCP With IPAM and No AD Domain/Forest Trust

FormerMember

We have IPAM v4.1 up and running and monitoring the enterprise DHCP servers, but we are trying to add some one-off Windows DHCP servers which we cannot have any domain or forest trust with.  We have created service accounts in the untrusted domains and granted the accounts the required rights on those DHCP servers, but we are getting errors regarding workstation trusts.  We can add the node to Orion, but when we try to add the server as a DHCP server in IPAM, the credential test fails and IPAM is unable to poll the server.  Anyone have anything similar working, or have any suggestions?

  • As the authentication has to be made to the domain, you'd need trust to allow the server the ability to talk to the domain.  Otherwise, the domain itself is what is rejecting the credentials, not IPAM.  There probably isn't a way to code around these types of restrictions.

  • FormerMember in reply to mharvey

    Yeah, that correlates to the errors I was getting since they appear to be Kerberos errors.  Just unfortunate that it has to use Kerberos.  I'm wondering if I disable Kerberos pre-authentication on the service account making the connection if that will change my results.

  • Any update on this issue? We have a similar problem with our environment: our NPM is not part of the domain, but we would like to be able to monitor DHCP servers via it. Any workaround? Did disabling pre-auth help for you, Jeff?

  • There is no workaround. The only way this could be done would be if one had IPAM run from a server that is a member in that domain. We've been asking for additional poller support, to install IPAM on an additional poller, which would be a server in the second domain. This won't happen but something else is planned to make it work. Not likely to happen anytime soon, though.

  • I had a similar situation recently that I was able to work around and get cross domain authentication for DHCP monitoring working with NO trust between the domains.

    In attempting to configure this I found it quite surprising that the NPM core AND DNS monitoring within IPAM BOTH worked fine using Untrusted_Domain\User with no problem.

    However, every attempt to authenticate against the DHCP server in the target, untrusted domain from the Add DHCP server menu in IPAM failed.

    What I was finally able to get to work was to leverage classic Windows Passthrough Authentication.  To achieve this I created an account locally on the NPM server with the same username and password as the target domain account.

    I then REMOVED (yep, even though the instructions specifically state to include it) the "Untrusted_Domain\" portion of the credential and left ONLY the username for the target domain.

    This worked with no errors and allowed me to import and monitor the target DHCP server in the remote domain with no trust between domains.

    Hope this helps!

    Thanks,

    Bill Fitzpatrick

    -BillFitz_Loop1

    Loop1 Systems: SolarWinds Training and Professional Services