EMM: How to Troubleshoot Active Directory Integration Failures?

Problem: On-boarding Customers in EMM fails due to Active Directory Integration Issue.

Kaseya Directory Integration Service log available at C:\Kaseya\Logs\Services\directory-webservice.log of Kaseya Server will have an entry like shown below:

ERROR [2015-02-24 03:21:06,647] com.kaseya.directory.core.exceptions.LdapBindFailureException: Bind failed to the LDAP server.
! java.io.IOException: An error occurred while attempting to establish a connection to server /10.20.52.156:389: java.net.ConnectException: Connection timed out: connect
! at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:158) ~[kaseya-directory-integration.jar:na]
! at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:859) ~[kaseya-directory-integration.jar:na]
! ... 61 common frames omitted

 

Cause: Enterprise Mobility Management requires the Active Directory server be open to an inbound read-only connection (secure LDAP port recommended) from a single whitelisted IP address. The AD is never open to the entire internet.

 

Resolution:

1. Please make sure the basic requirements have been checked:

Ensure that the configuration on the Active Directory has been sorted out as per our help file:

Note: You need to create three active directory security groups. You will also add your AD users to these groups.

2. If you are reading this article, most likely you have configured everything as per this above help file. Please do note all the necessary information. This information is required to connect to any instance of Active Directory you intend to associate with an organization within Enterprise Mobility Management.

  • The domain name or IP address of the Active Directory server.
  • The LDAP port used by Active Directory.
  • The default LDAP port is 389. 
  • The base DN (distinguished name) to search for: Example: OU=Kaseya EMM Groups, DC=company, DC=com
  • The credential to use to authenticate read access to this distinguished name. A dedicated credential is recommended.

3. You have used these above details but the connection still does not work and shows below error:

000431.jpg

 

Here are the steps you need to take:

Step 1: Please log into your Kaseya Server, open command prompt and run ldp.exe.

To install LDP.EXE on Windows Server 2008, open the Server Manager, and under Roles, install Active Directory Lightweight Directory Services. Please check Microsoft technet for more details. 

It is recommended to do this test using Apache Directory Studio as well:

000432.jpg

Step 2: Please choose Connection > Connect and provide the details to your AD server. If the connection does not work then there is a connection issue that you will need to troubleshoot:

000434.jpg

Step 3: Once connected, please choose to bind (Ctrl+B) or Connection > Bind. Please use the AD credential you noted in point b. This binding should work and authenticate. If it does not then please verify the credential and user details on AD side:

000435.jpg

000436.jpg

000437.jpg

Step 4: Once connected and authenticated, please search the directory by choosing search option from: Browse > Search or Ctrl+S alternatively.

Please search for the distinguished name noted in point b:

OU=Kaseya EMM Groups,DC=company,DC=com

I.e., As shown below in screenshot, your result should show the three security groups created. If this gives you error, the base DN you are specifying is incorrect, please check your AD to verify the distinguished name:

000439.jpg

Step 5: If this all passes, then the details you have should work with AD integration in EMM.

If this does not fix the issue, please create a ticket with Kaseya Support via this link. Please add screenshots showing result of each above test, Kaseya Support can then verify if the issue is on the server side or not, as well as logs: C:\Kaseya\Logs\Services\directory-webservice.log

 

Reference: http://www.lsoft.com/news/techtipLSV-issue2-2014.asp

 

 

Applies to: VSA 9.0, 9.1, 9.2, 9.3, 9.4.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section