Created on 03-16-2016 07:42 AM Edited on 05-26-2022 09:52 AM By Anonymous
Description
IDM throws error "Check if computer account already exists with userPrincipalName of [HTTP/<IDM-Hostname>]"
Scope
KB ARTICLE TYPE: Design/Configuration/Troubleshooting/Field Notice
RELATED PRODUCTS: IDM
RELATED SOFTWARE VERSIONS: 13.2, 13.6
KEYWORDS: SSO, Single Sign-On
Solution
This error occurs when a wrong or incomplete configuration causes a partial configuration to be pushed to Active Directory, which prevents the IDM from binding to it completely.
First check the following:
1. DNS must be configured and working on the Identity Manager
2. DNS must be configured and working on the Domain Controller.
3. Both of the following DNS entries for the Identity Manager must be defined and must be available to both the Identity Manager and all Windows servers in the domain:
i. Forward ("A") record
ii. Reverse ("PTR") record
4. Both of the following DNS entries for the Domain Controller must be defined and must be available to both the Identity Manager and all Windows servers in the domain:
i. Forward ("A") record
ii. Reverse ("PTR") record
5. Identity Manager time settings must be synchronized with the Active Directory Domain.
6. Sponsors' web browsers may require configuration to allow the single sign-on function.
7. Single Sign-On must be configured separately for each replicated server.
8. IDM must be NTP synchronized.
Then delete any "NGS-..." based Active Directory device entry and configure SSO again.
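The DNS and time checks above can be scripted before reconfiguring SSO. The following pre-flight check is an added example, not Fortinet's own tooling: it verifies that each host's forward ("A") record has a matching reverse ("PTR") record and that the IDM clock is within Kerberos skew tolerance. The hostnames are placeholders, and the resolver functions are injectable so the logic can be exercised without a live domain.

```python
import socket
from typing import Callable, List, Optional

# Placeholder hostnames; the KB does not name specific hosts.
IDM_HOST = "idm.example.local"
DC_HOST = "dc01.example.local"


def check_dns_pair(hostname: str,
                   forward: Callable[[str], Optional[str]],
                   reverse: Callable[[str], Optional[str]]) -> List[str]:
    """Return problems found with the A and PTR records of hostname.

    An empty list means the A record exists and its PTR record points back
    to the same name, which is what both the IDM and the DC need."""
    problems: List[str] = []
    ip = forward(hostname)
    if ip is None:
        problems.append(f"{hostname}: no A record")
        return problems
    name = reverse(ip)
    if name is None:
        problems.append(f"{hostname}: no PTR record for {ip}")
    elif name.rstrip(".").lower() != hostname.lower():
        problems.append(f"{hostname}: PTR for {ip} points to {name}, not {hostname}")
    return problems


def system_forward(hostname: str) -> Optional[str]:
    """A-record lookup using the host's configured resolver."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


def system_reverse(ip: str) -> Optional[str]:
    """PTR-record lookup using the host's configured resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def clock_skew_ok(local_epoch: float, domain_epoch: float, max_skew_s: float = 300.0) -> bool:
    """Kerberos rejects tickets beyond a skew window; 300 s is the common default,
    the KB itself only requires the clocks to be synchronized."""
    return abs(local_epoch - domain_epoch) <= max_skew_s


def preflight(hosts: List[str], forward=system_forward, reverse=system_reverse) -> List[str]:
    """Run the A/PTR consistency check for every host; empty result means all passed."""
    problems: List[str] = []
    for host in hosts:
        problems.extend(check_dns_pair(host, forward, reverse))
    return problems


if __name__ == "__main__":
    for line in preflight([IDM_HOST, DC_HOST]) or ["DNS checks passed"]:
        print(line)
```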
Copyright 2024 Fortinet, Inc. All Rights Reserved.