EMM: How to Troubleshoot AD Integration Issues in Mobility Using Apache Directory Studio

Problem: How do you troubleshoot AD integration issues in Mobility using Apache Directory Studio?

Cause: When onboarding a customer in EMM, AD integration can fail for various reasons, including an LDAP port issue, an incorrect or unavailable IP address, an incorrect security context, incorrect credentials, or an improper SSL setup.

Resolution: Although ldp.exe can be used to troubleshoot AD and EMM integration issues, Apache Directory Studio is often the better tool because it takes encryption into account as well. Use the steps below to perform this test:

1. Download Apache Directory Studio onto your Kaseya Server.

2. Add a new connection:

000528.jpg

3. Complete the connection details. You can choose StartTLS encryption here.

000529.jpg

4. Test whether the hostname resolves properly by clicking Check Network Parameter. If you see any errors, expand the additional information to see more details.

5. Proceed with authentication:

000531.jpg

6. If everything completes successfully, you will see the 3 security groups that you created, as required by Kaseya, under the OU that you defined in the base DN.

000532.jpg

 

000533.jpg

 

Troubleshooting a Failed Connection: The connection to the AD server may fail if:

  • Apache Directory Studio cannot reach the AD server.
  • The port entered in Apache Directory Studio is incorrect.
  • The encryption method in Apache Directory Studio does not match the encryption method of the AD server.

To ensure that you can reach the server, execute the following command and verify that you receive a response:

ping 10.20.52.156

To verify that the server uses the port that you entered in Apache Directory Studio, execute a command similar to the following and verify that you receive a connected status:

telnet 10.20.52.156 389

To verify the encryption method of the AD server, please check this KB article.

 

Authentication with the bind DN or username may fail if:

  • The bind user entered does not exist in AD.
  • The bind user entered does not have permission to browse LDAP.
  • The DN or username is not formatted properly.

 

Certificate Issue: You will see the error below if no certificate is installed on the AD machine:

000534.jpg

To confirm that the above error is not caused by a credential issue, click OK, go back to the previous menu, set encryption to none, click Next and check authentication again. If the credentials are OK, the test will pass. This confirms that the issue is with the certificate/encryption. Because a simple bind without encryption sends the password in clear text, switch encryption back on once the test is done.

If the credential part still fails, please refer to this KB article.

000536.jpg

000535.jpg

Note: You may still see an encryption issue even when a self-signed certificate is used. Make sure you correct the items highlighted below. If it only prompts about the certificate being self-signed, ignore it and proceed:

000538.jpg
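
The checks described above (name resolution, port reachability, encryption method, certificate trust) can also be run without the GUI. The following Python code is an added example, not part of the original article or of any Kaseya tooling; the function names and stage labels are assumptions of this example, and it covers only StartTLS on the plain LDAP port.

```python
import socket, ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAPv3 StartTLS extended operation

def starttls_request(msg_id=1):
    """BER-encode the LDAP ExtendedRequest that asks the server to start TLS."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # requestName [0]
    op = bytes([0x77, len(name)]) + name                    # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + op                 # messageID, then op
    return bytes([0x30, len(body)]) + body                  # LDAPMessage SEQUENCE

def _tlv(buf, i):
    """Read one BER element at offset i; return (tag, value_start, value_end)."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:                      # long-form length: low 7 bits = byte count
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return tag, i, i + n

def starttls_result(resp):
    """Return the LDAP resultCode of an ExtendedResponse (0 means success)."""
    tag, pos, _ = _tlv(resp, 0)       # LDAPMessage SEQUENCE
    _, _, pos = _tlv(resp, pos)       # skip messageID
    op_tag, pos, _ = _tlv(resp, pos)  # ExtendedResponse [APPLICATION 24]
    if tag != 0x30 or op_tag != 0x78:
        raise ValueError("not an LDAP ExtendedResponse")
    _, pos, _ = _tlv(resp, pos)       # resultCode ENUMERATED
    return resp[pos]

def diagnose(host, port=389, timeout=5, ctx=None):
    """Return the first failing stage, or 'ok' (stage names are this example's own)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "resolve"              # host name does not resolve
    except OSError:
        return "connect"              # server unreachable or wrong port
    try:
        sock.sendall(starttls_request())
        if starttls_result(sock.recv(4096)) != 0:
            return "starttls"         # server refused the StartTLS request
        with (ctx or ssl.create_default_context()).wrap_socket(sock, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "certificate"          # untrusted (e.g. self-signed) or mismatched
    except (OSError, ValueError, IndexError):
        return "starttls"             # not LDAP, no reply, or TLS handshake failure
    finally:
        sock.close()
```

Call `diagnose("10.20.52.156")` from the Kaseya Server; if the AD certificate is issued by an internal CA, pass an `ssl.SSLContext` that trusts that CA as `ctx`.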

 

Applies to: VSA 9.0, 9.1, 9.2, 9.3, 9.4.
