[jcifs] java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for ********

[Michael B Allen]

On Fri, 24 Feb 2006 13:35:08 -0600
"Ghouse, Sherjeel" <Sherjeel.Ghouse at molex.com> wrote:

> We implemented jCIFS NTLM authentication in production last month. There
> were four outages of the Intranet site since then because of
> java.net.UnknownHostException: Failed to negotiate with a suitable
> domain controller for ******. The web application is stable most of the

That error is basically what it sounds like. There's some kind of
network failure somewhere and for some reason JCIFS is more sensitive
to it than other software.

Use the CheckAllDC.java example to see what domain controllers JCIFS
is trying to use and if it can authenticate with them. Also, I don't
think you need six WINS servers listed. Alternate WINS server aren't
tried unless JCIFS completely fails to communicate with the current
one. So if the WINS server is just returning bad entries, increasing
the number of WINS servers isn't going to help.  Actually, try the
CheckAllDC.java example with a few of the WINS servers. Maybe one is
sending bad entries. Or maybe it just becomes unresponsive for a time
(e.g. during a replication or backup job). If that turns out to be the
case, aside from increasing the name service timeouts, cachePolicy,
etc, you could just use the lmhosts option to hard code the address of
one reliable domain controller [1]. Read the overview page of the API
documentation for the list of properties. There's a lot of things you
could do (espectially if you diagnose what the exact failure mode is).

Mike

[1] Note this is superior to just using the domainController property
because when the domainController property is used "preauthentication"
doesn't work (this point isn't in the documentation!).