
EMM: How to troubleshoot AD integration issues in Mobility using Apache Directory Studio?

Problem:

How to troubleshoot AD integration issues in Mobility using Apache Directory Studio?

Cause:

When onboarding a customer in EMM, AD integration can fail for various reasons, including an LDAP port issue, an incorrect or unavailable IP address, an incorrect security context, incorrect credentials, or an improper SSL setup.

Solution:

Although ldp.exe can be used to troubleshoot AD and EMM integration issues, Apache Directory Studio is the better choice because it also takes encryption into account. Use the steps below to perform this test.

1. Download Apache Directory Studio onto your Kaseya server

http://directory.apache.org/studio/downloads.html
http://directory.apache.org/studio/download/download-windows.html

2. Add a new connection

000528.jpg

3. Complete the connection details

You can choose StartTLS encryption here.

https://kaseya.zendesk.com/entries/89132877

000529.jpg

4. Test whether the hostname resolves properly by clicking 'Check Network Parameter'. If you see an error, expand the additional information to see more details

5. Proceed with authentication

000531.jpg

6. If everything completes, you will see the 3 security groups that you created, as required by Kaseya, under the OU that you defined in the base DN

000532.jpg

 

000533.jpg

 

 

Troubleshooting a Failed Connection
The connection to the AD server may fail if:

Apache Directory Studio cannot reach the AD server
The port entered in Apache Directory Studio is incorrect
The encryption method in Apache Directory Studio does not match the encryption method of the AD server

To ensure that you can reach the server, execute the following command and verify that you receive a response:

ping 10.20.52.156

To verify that the server uses the port that you entered in Apache Directory Studio, execute a command similar to the following and verify that you receive a connected status:

telnet 10.20.52.156 389

To verify the encryption method of the AD server, please check the article https://kaseya.zendesk.com/entries/89132877

 

Authentication with the bind DN or username may fail if:

The bind user entered does not exist in AD
The bind user entered does not have permission to browse LDAP
The DN or username is not formatted properly

 

Certificate Issue


You will see the error below if no certificate is installed on the AD machine

000534.jpg

To confirm that the above error is not caused by a credential issue, click OK, go back to the previous menu, set the encryption to none, click Next and check authentication again. If the credential is OK, you will see the test pass

This confirms that the issue is with the certificate/encryption

If the credential check still fails, please refer to this article https://kaseya.zendesk.com/entries/90115217
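
The checks above (reachability, port, encryption, then bind) can also be run in one pass from the Kaseya server. The following PowerShell script is an added example, not part of the original article or any Kaseya tooling; the bind DN is a placeholder, and it assumes Windows PowerShell 4.0 or later and port 636 when LDAPS is selected.

```powershell
# Added example. Classifies an AD/LDAP connection failure in the same order as the manual checks.
param(
    [string]$Server = '10.20.52.156',   # address from the article's ping/telnet examples
    [int]$Port = 389,                   # assumption: pass -Port 636 together with -Encryption LDAPS
    [ValidateSet('None', 'StartTLS', 'LDAPS')][string]$Encryption = 'StartTLS',
    [string]$BindUser = 'CN=emm-bind,OU=EMM,DC=example,DC=local'   # placeholder bind DN
)
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Reachability and port: the ping and telnet checks in one call.
$net = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
if (-not $net.TcpTestSucceeded) {
    if ($net.PingSucceeded) { "FAIL port: $Server answers ping but TCP $Port did not connect" }
    else { "FAIL network: no ping reply and no TCP connection to ${Server}:$Port" }
    return
}

$id = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$ldap.SessionOptions.ProtocolVersion = 3
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind

# Encryption: default certificate validation is left on, so an untrusted certificate fails here.
try {
    if ($Encryption -eq 'LDAPS') { $ldap.SessionOptions.SecureSocketLayer = $true }
    if ($Encryption -eq 'StartTLS') { $ldap.SessionOptions.StartTransportLayerSecurity($null) }
} catch {
    "FAIL encryption: StartTLS did not complete: $($_.Exception.GetBaseException().Message)"
    "Rerun with -Encryption None to test the credential on its own."
    return
}

# Authentication: bind with the account entered in Apache Directory Studio.
$pw = Read-Host -AsSecureString "Password for $BindUser"
$ldap.Credential = New-Object System.Net.NetworkCredential($BindUser, $pw)
try {
    $ldap.Bind()
    "PASS: bound as $BindUser using encryption '$Encryption'"
} catch {
    $e = $_.Exception.GetBaseException()
    $code = if ($e -is [System.DirectoryServices.Protocols.LdapException]) { $e.ErrorCode } else { -1 }
    if ($code -eq 49) { "FAIL credential: bind rejected (49). Server detail: $($e.ServerErrorMessage)" }
    elseif ($code -eq 81 -and $Encryption -eq 'LDAPS') { "FAIL encryption: TCP connects but the LDAPS session could not be set up (81)" }
    else { "FAIL bind: $($e.Message)" }
} finally { $ldap.Dispose() }
```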

 

000536.jpg

 

-------------------

 

000535.jpg

 

You may, however, still see an issue with encryption even when a self-signed certificate is used. Please ensure you correct the highlighted items below. If it only prompts about the self-signed certificate, ignore it and proceed.

000538.jpg

 

 


Applies to EMM-R9 and above

 
