
EMM AD integration fails with error 'Invalid bind credentials received'

Problem:

EMM AD integration fails and you have already verified the instructions here 

c:\kaseya\logs\services\directory-webservice.log contains the following entry:

ERROR [2015-03-09 22:56:52,649] com.kaseya.directory.web.exception.mapper.InvalidCredentialsExceptionMapper: Received invalid credentials
! com.unboundid.ldap.sdk.LDAPException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
! at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2178) ~[kaseya-directory-integration.jar:na]
! at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2095) ~[kaseya-directory-integration.jar:na]
! at com.kaseya.directory.core.connection.ConnectionTarget.<init>(ConnectionTarget.java:62) ~[kaseya-directory-integration.jar:na]
! ... 55 common frames omitted
! Causing: com.kaseya.directory.core.exceptions.InvalidCredentialsException: Invalid bind credentials received.

Cause:

The login you are using in Kaseya Mobility is in an unsupported LDAP user format, i.e. domain/username or just username (without the domain part), or the domain part you have specified is not being accepted.

Note the "data 52e" part of the error message: it simply means this is a credential issue. So this error message could also mean that the credential you have provided is incorrect.

Solution:

1. Please make sure you are using the correct format for the domain part. You can do a simple test in ldp.exe: bind using your format and check what format ldp.exe changes it to. The resulting format is the one you will need to use.

For example, in the screenshot below, two connection attempts were made with the bind credentials ktest.local\xxx and ktest-ad.ktest.local\xxx. Although both are correct, that does not necessarily mean LDAP will accept those formats. ldp.exe therefore changes the credential automatically to the appropriate format, in this case KTEST\Administrator. This is the format and domain part you will need to use in Kaseya EMM.

 

000562.jpg

 

2. You can also test with Apache Directory Studio; see https://kaseya.zendesk.com/entries/90977547

If your format or the credential is incorrect, you will receive an error message like this: "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"

To find out what is wrong, however, you will need to use ldp.exe.

000559.jpg

 

Here are some more error codes you may see in the "data xxx" part:

525: user not found
52e: invalid credentials
530: not permitted to logon at this time
531: not permitted to logon at this workstation
532: password expired (remember to check the user set in osuser.xml also)
533: account disabled
534: The user has not been granted the requested logon type at this machine
701: account expired
773: user must reset password
775: user account locked
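
To triage these failures in bulk, the following Python script (an added example, not Kaseya's code) reads lines in the format of directory-webservice.log, ties each "data xxx" sub-code to the timestamp of the entry it belongs to, and decodes it with the list above. The function names and the sample log are assumptions; only the first sample entry is taken from the excerpt in this article, the rest is constructed.

```python
import re
from collections import Counter

# Sub-codes and meanings as listed in the article.
SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired", "533": "account disabled",
    "534": "user not granted the requested logon type at this machine",
    "701": "account expired", "773": "user must reset password",
    "775": "user account locked",
}
# Entry header: LEVEL [timestamp] logger: message
HEADER = re.compile(r"^[A-Z]+\s+\[([^\]]+)\]")
# The sub-code is the hex value after "data" in the AD bind error.
DATA = re.compile(r"AcceptSecurityContext error, data\s+([0-9a-fA-F]+)\b")

# The sub-code sits in the '!' stack-trace lines, so it is attributed to the
# most recent header; a repeat inside the same entry is reported only once.
def bind_failures(lines):
    """Return [(timestamp, code, meaning)], one tuple per failing log entry."""
    out, ts, seen = [], None, False
    for line in lines:
        h = HEADER.match(line)
        if h:
            ts, seen = h.group(1), False
        d = DATA.search(line)
        if d and not seen:
            code = d.group(1).lower()
            out.append((ts, code, SUBCODES.get(code, "unknown sub-code")))
            seen = True
    return out

def summarize(lines):
    """Count failing entries per sub-code across the log."""
    return Counter(code for _, code, _ in bind_failures(lines))

# Constructed sample; only the first two lines come from the article's excerpt.
SAMPLE = """\
ERROR [2015-03-09 22:56:52,649] com.kaseya.directory.web.exception.mapper.InvalidCredentialsExceptionMapper: Received invalid credentials
! com.unboundid.ldap.sdk.LDAPException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
! Causing: wrapped: AcceptSecurityContext error, data 52E, v1db1
INFO [2015-03-09 22:57:01,100] constructed.Logger: unrelated entry
ERROR [2015-03-09 22:58:10,003] constructed.Logger: Received invalid credentials
! constructed: AcceptSecurityContext error, data 775, v1db1
""".splitlines()

if __name__ == "__main__":
    print(bind_failures(SAMPLE), dict(summarize(SAMPLE)))
```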

 

Applies to EMM R9 and above
