
Enterprise Mobility Management: How to troubleshoot Active Directory integration failures

Problem: 

Onboarding customers in EMM fails due to an Active Directory integration issue.

The Kaseya Directory Integration Service log, available at C:\kaseya\logs\services\directory-webservice.log on the Kaseya Server, will have an entry like the one shown below:

ERROR [2015-02-24 03:21:06,647] com.kaseya.directory.core.exceptions.LdapBindFailureException: Bind failed to the LDAP server.
! java.io.IOException: An error occurred while attempting to establish a connection to server /10.20.52.156:389: java.net.ConnectException: Connection timed out: connect
! at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:158) ~[kaseya-directory-integration.jar:na]
! at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:859) ~[kaseya-directory-integration.jar:na]
! ... 61 common frames omitted

Cause:

Enterprise Mobility Management requires that the Active Directory server be open to an inbound read-only connection (secure LDAP port recommended) from a single whitelisted IP address. The AD is never open to the entire internet.
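The log entry above is headed "Bind failed", but its cause line reports a TCP connect timeout, which points at the network path rather than the credential. The following is an added example, not Kaseya code, that reads such an entry and reports the endpoint, whether the default LDAP port was used, and which of the ldp.exe steps below to repeat. The hint table, the function name and the second and third cause messages are assumptions; only the timeout message comes from this article.

```python
import re

# Log entry quoted in this article (stack frames trimmed to one).
SAMPLE = (
    "ERROR [2015-02-24 03:21:06,647] com.kaseya.directory.core.exceptions."
    "LdapBindFailureException: Bind failed to the LDAP server.\n"
    "! java.io.IOException: An error occurred while attempting to establish a "
    "connection to server /10.20.52.156:389: java.net.ConnectException: "
    "Connection timed out: connect\n"
    "! at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:859)"
    " ~[kaseya-directory-integration.jar:na]\n"
)

HEADER = re.compile(r"^ERROR \[(?P<ts>[^\]]+)\] (?P<exc>[\w.$]+): (?P<msg>.*)$")
# Java prints socket addresses as "hostname/ip:port"; hostname may be empty.
ENDPOINT = re.compile(r"connection to server [^\s/]*/(?P<ip>[\d.]+):(?P<port>\d+)")
# Root-cause text -> which ldp.exe step to repeat. Only the first message is
# from the article; the other two are standard Java messages (assumption that
# the service logs them in the same place).
HINTS = [
    ("Connection timed out", "Step 2: no TCP path; check firewall and IP whitelist"),
    ("Connection refused", "Step 2: host reachable but port closed; check LDAP port"),
    ("UnknownHostException", "Step 2: name does not resolve; check domain name or use IP"),
]
DEFAULT = "Steps 3-4: connection not implicated; re-test bind credential and base DN"

def triage(log_text):
    """Return one finding per ERROR entry, judged by its cause line."""
    findings, current = [], None
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if head:
            current = {"time": head["ts"], "exception": head["exc"].rsplit(".", 1)[-1],
                       "endpoint": None, "default_ldap_port": None, "next_step": DEFAULT}
            findings.append(current)
        elif current and line.startswith("! ") and not line.startswith("! at "):
            ep = ENDPOINT.search(line)
            if ep:
                current["endpoint"] = (ep["ip"], int(ep["port"]))
                # 389 is the default (non-secure) LDAP port named in the article.
                current["default_ldap_port"] = ep["port"] == "389"
            for needle, step in HINTS:
                if needle in line:
                    current["next_step"] = step
                    break
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

Run it against a copy of directory-webservice.log by passing the file contents to triage().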

Resolution:

a. Please make sure the basic requirements have been checked:

http://help.kaseya.com/WebHelp/EN/Mobility/9000000/index.asp#30974.htm

and https://kaseya.zendesk.com/entries/88507087-EMM-Basic-Requirements

Please ensure that Active Directory has been configured as per our help file:

http://help.kaseya.com/WebHelp/EN/Mobility/9000000/index.asp#30885.htm

Please note that you need to create three active directory security groups. You will add your AD users to these groups.

b. If you are reading this article, you have most likely configured everything as per the help file above. Please note all the necessary information listed below. This information is required to connect to any instance of Active Directory you intend to associate with an organization within Enterprise Mobility Management.

The domain name or IP address of the Active Directory server.
The LDAP port used by Active Directory. The default LDAP port is 389. 
The base DN (distinguished name) to search for. Example: OU=Kaseya EMM Groups,DC=company,DC=com
The credential to use to authenticate read access to this distinguished name. A dedicated credential is recommended.

c. You have used the details above, but the connection still does not work and shows the error below.

000431.jpg

Here are the steps you need to take

Step 1: Please log into your Kaseya server, open a command prompt and run ldp.exe.
To install LDP.EXE on Windows Server 2008, open the Server Manager, and under Roles, install Active Directory Lightweight Directory Services. Please check Microsoft TechNet for more details: http://technet.microsoft.com/

It is recommended to do this test using Apache Directory Studio as well (https://helpdesk.kaseya.com/entries/90977547-EMM-How-to-troubleshoot-AD-integration-issue-in-Mobility-using-Apache-Directory-Studio-)

000432.jpg

Step 2: Please choose Connection > Connect and provide the details of your AD server. If the connection does not work, then there is a connection issue that you will need to troubleshoot.

000434.jpg

Step 3: Once connected, please choose to bind (Ctrl+B) or Connection > Bind. Please use the AD credential you noted in point b. This binding should work and authenticate. If it does not, then please verify the credential and user details on the AD side.

000435.jpg

000436.jpg

000437.jpg

Step 4: Once connected and authenticated, please search the directory by choosing the search option from Browse > Search or Ctrl+S.
Please search for the distinguished name noted in point b, e.g.

OU=Kaseya EMM Groups,DC=company,DC=com

as shown below in the screenshot. Your result should show the three security groups created. If this gives you an error, the base DN you are specifying is incorrect; please check your AD to verify the distinguished name.

000439.jpg

Step 5: If this all passes, then the details you have should work with AD integration in EMM

If this does not fix the issue, please create a ticket with Kaseya Support and add screenshots showing the result of each test above. Kaseya Support can then verify whether the issue is on the server side or not.

Reference: http://www.lsoft.com/news/techtipLSV-issue2-2014.asp

Further Investigation

Please collect directory-webservice.log from c:\kaseya\logs\services and submit it to support when creating the support case, along with screenshots of any error message that may come up during the setup.

Applies to R9 and above
