• State Verified Answer
  • Replies 3 replies
  • Subscribers 62 subscribers
  • Views 3610 views
  • Users 0 members are here
Options
Related

ARS: The specified Domain is not available for Management. The specified Domain either does not exist or could not be contacted.

micha.becker
over 4 years ago

Hi,

I've installed ARS on a on a separated Domain and now try to add managed Domains in other non-trusted Domains. All ports form the ARS documentation are open against the specific Domains, but I am still facing the error that the Domain can't be contacted. Don't know if it's relevant or not, but in the eventlog I can see that there is the following warning:

Active Roles Administration Service encountered a non-critical error.

Details: Active Roles Administration Service failed to publish the service connection point under container

Because of the above error, i've set the permission like described in the following article, but I am still facing the same error in the eventlog when restarting the ARS service:
https://support.oneidentity.com/active-roles/kb/90456/what-permissions-are-required-for-the-ars-service-account-to-publish-service-connection-points-

Not sure if both issues are connected or not, but I would really appreciate your Help.

Thanks,
Micha

  • +1 over 4 years ago

    The error tells you only that the account with which you are accessing the domain does not have write access to stamp the AR service connection point.  This is not a show stopper for managing the domain - it will affect the operation of the AR web site if placed on a host other than your server and could affect users in that domain trying to run scripts through Active Roles as the scripts would not be able to locate your AR server.  From your AR server host, can you see the domain you are trying to manage using Active Directory Users and Computers and/or the Powershell AD module?  If yes, then your AR Admin service should be able to see it as well.

  • +1 over 4 years ago

    This resource is relevant:

    Title: The specified domain either does not exist or could not be contacted
    Solution: 257867
    URL: https://support.oneidentity.com/kb/257867 

    Aside from the necessary ports, DNS has to be in place for this domain so that Active Roles can resolve the necessary service records.

  • +1 over 4 years ago

    ARS is a per-AD-domain solution. ARS ADmin Service can manage AD Domain (from one or another Forests with No Trust between Forests and ARS server AD Domain) as far the relevant Ports open and relevant Service account rights granted. ARS Documentation (Quick Start Guide) provides PORTS to talk AD/DNS, SQL, Exchange etc..., and Service Rights (svc-ars-service, svc-ars-proxy). I generally discuss it at the planning stage of any ARS deployment.