Onboarding Customers in EMM fails due to Active Directory Integration Issue
The Kaseya Directory Integration Service log, available at C:\kaseya\logs\services\directory-webservice.log on the Kaseya Server, will have an entry like the one shown below:
ERROR [2015-02-24 03:21:06,647] com.kaseya.directory.core.exceptions.LdapBindFailureException: Bind failed to the LDAP server.
! java.io.IOException: An error occurred while attempting to establish a connection to server /10.20.52.156:389: java.net.ConnectException: Connection timed out: connect
! at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:158) ~[kaseya-directory-integration.jar:na]
! at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:859) ~[kaseya-directory-integration.jar:na]
! ... 61 common frames omitted
Enterprise Mobility Management requires the Active Directory server be open to an inbound read-only connection (secure LDAP port recommended) from a single whitelisted IP address. The AD is never open to the entire internet.
a. Please make sure the basic requirements have been checked.
Please ensure that Active Directory has been configured as per our help file.
Please note that you need to create three Active Directory security groups. You will add your AD users to these groups.
b. If you are reading this article, you have most likely configured everything as per the above help file. Please note down all of the following information. It is required to connect to any instance of Active Directory you intend to associate with an organization within Enterprise Mobility Management.
The domain name or IP address of the Active Directory server.
The LDAP port used by Active Directory. The default LDAP port is 389.
The base DN (distinguished name) to search for. Example: OU=Kaseya EMM Groups,DC=company,DC=com
The credential to use to authenticate read access to this distinguished name. A dedicated credential is recommended.
c. You have used the above details but the connection still does not work and shows the error below.
Here are the steps you need to take:
Step 1: Please log into your Kaseya server, open a command prompt and run ldp.exe.
To install LDP.EXE on Windows Server 2008, open the Server Manager, and under Roles, install Active Directory Lightweight Directory Services. Please check Microsoft TechNet for more details: http://technet.microsoft.com/
It is recommended to do this test using Apache Directory Studio as well (https://helpdesk.kaseya.com/entries/90977547-EMM-How-to-troubleshoot-AD-integration-issue-in-Mobility-using-Apache-Directory-Studio-)
Step 2: Please choose Connection > Connect and provide the details of your AD server. If the connection does not work, then there is a connection issue that you will need to troubleshoot.
Step 3: Once connected, please bind using Ctrl+B or Connection > Bind. Please use the AD credential you noted in point b. This bind should succeed and authenticate. If it does not, please verify the credential and user details on the AD side.
Step 4: Once connected and authenticated, please search the directory by choosing the search option from Browse > Search or pressing Ctrl+S.
Please search for the distinguished name noted in point b, for example:
OU=Kaseya EMM Groups,DC=company,DC=com
For example, as shown in the screenshot below. Your result should show the three security groups created. If this gives you an error, the base DN you are specifying is incorrect; please check your AD to verify the distinguished name.
Step 5: If this all passes, then the details you have should work with AD integration in EMM.
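The same connect, bind and search checks from Steps 2 to 4 can be scripted so they are repeatable from the Kaseya server. This PowerShell sketch is an added example, not Kaseya tooling; the host name ad.company.com is a placeholder, the base DN is the example value from this article, and the (objectClass=group) filter is an assumption about how the three security groups are found.

```powershell
# Added example: scripted version of the ldp.exe connect / bind / search checks.
# Placeholder values (assumptions): replace with the details noted in point b.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$Server = 'ad.company.com'                          # placeholder host name
$Port   = 389                                       # use 636 together with $UseSsl = $true
$UseSsl = $false
$BaseDn = 'OU=Kaseya EMM Groups,DC=company,DC=com'  # example DN from this article
$Cred   = Get-Credential                            # dedicated read-only AD credential

# Step 2: raw TCP reachability with a 5 second timeout.
$tcp  = New-Object System.Net.Sockets.TcpClient
$wait = $tcp.BeginConnect($Server, $Port, $null, $null)
$reachable = $wait.AsyncWaitHandle.WaitOne(5000) -and $tcp.Connected
$tcp.Close()
if (-not $reachable) {
    throw "Connect failed: ${Server}:$Port is not reachable (firewall, whitelist or routing)."
}

# Step 3: bind with the credential. A simple bind on a non-SSL port sends the
# password in clear text, so prefer the secure LDAP port where it is available.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$ldap.SessionOptions.ProtocolVersion   = 3
$ldap.SessionOptions.SecureSocketLayer = $UseSsl
$ldap.Credential = New-Object System.Net.NetworkCredential(
    $Cred.UserName, $Cred.GetNetworkCredential().Password)
try { $ldap.Bind() }
catch { throw "Bind failed: $($_.Exception.GetBaseException().Message) Verify the credential on the AD side." }

# Step 4: search under the base DN and list the groups found there.
$req = New-Object System.DirectoryServices.Protocols.SearchRequest
$req.DistinguishedName = $BaseDn
$req.Filter = '(objectClass=group)'
$req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
[void]$req.Attributes.Add('cn')
try { $resp = $ldap.SendRequest($req) }
catch { throw "Search failed: $($_.Exception.GetBaseException().Message) Check the base DN in AD." }

$groups = @($resp.Entries | ForEach-Object { $_.DistinguishedName })
$groups
if ($groups.Count -lt 3) {
    Write-Warning "Expected the three EMM security groups under $BaseDn, found $($groups.Count)."
}
$ldap.Dispose()
```

Each stage stops with its own message, so the failing step (connect, bind or search) can be quoted directly in a support ticket.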
If this does not fix the issue, please create a ticket with Kaseya Support and add screenshots showing the result of each of the above tests. Kaseya Support can then verify whether the issue is on the server side or not.
Please collect directory-webservice.log from c:\kaseya\logs\services and submit it to support when creating the support case, along with screenshots of any error messages that come up during the setup.
Applies to R9 and above