Unable to import Active Directory (AD) Organizational Units (OUs) through the Lightweight Directory Access Protocol (LDAP) into the Symantec Endpoint Protection Manager (SEPM).
The following errors can be observed when encountering this issue:
"AD URL is malformed" (This error occurs when adding the AD Domain Controller (DC) under SEPM server properties; however, the option to continue and add the DC anyway is still available.)
"Server failed to connect with target directory server." (This error occurs when attempting to import OUs as client groups into the SEPM console.)
This behavior can result when the SEPM is unable to authenticate with the AD server. The authentication failure can occur when the AD server's local security policy is set to "Require Signing" for the LDAP server signing requirements.
In order to resolve this issue, the LDAP server signing requirements must be set to "none."
Edit the Local Security Settings for LDAP on an AD server that is also a Domain Controller (DC).
Edit the Local Security Settings for LDAP on an AD server that is not a DC.
If you need to continue using the "Require Signing" policy, apply the following changes:
On the AD server:
On the SEPM server:
Refer to https://support.microsoft.com/en-us/help/4034879/how-to-add-the-ldapenforcechannelbinding-registry-entry and https://support.microsoft.com/en-us/help/935834/how-to-enable-ldap-signing-in-windows-server-2008 for more information.
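To confirm that the signing policy described above is what the DC actually enforces, the following added diagnostic (not part of the original article or of Symantec's tooling) reads the effective values from the DC's registry. It assumes an elevated PowerShell session on a domain controller; the function name Get-LdapBindPolicy is hypothetical, LDAPServerIntegrity is the registry value behind the "LDAP server signing requirements" policy, and LdapEnforceChannelBinding is the entry named in the first linked Microsoft article.

```powershell
# Added diagnostic example: report the LDAP signing and channel-binding
# settings that a domain controller enforces on incoming binds.
# Assumption: run elevated on the DC itself (the NTDS key exists only there).

$NtdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

# Value meanings as documented by Microsoft for each registry entry.
$Meanings = @{
    LDAPServerIntegrity       = @{ 1 = 'None'; 2 = 'Require signing' }
    LdapEnforceChannelBinding = @{ 0 = 'Never'; 1 = 'When supported'; 2 = 'Always' }
}

function Get-LdapBindPolicy {
    param([string]$Path = $NtdsParams)

    if (-not (Test-Path -Path $Path)) {
        throw "Key '$Path' not found; this host is not a domain controller."
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($name in $Meanings.Keys) {
        $raw = $props.$name
        if ($null -eq $raw) {
            # Entry absent: no explicit value, so the OS default is in effect.
            $setting = 'Not set (OS default applies)'
        } elseif ($Meanings[$name].ContainsKey([int]$raw)) {
            $setting = $Meanings[$name][[int]$raw]
        } else {
            $setting = 'Unrecognized value'
        }
        [pscustomobject]@{
            Entry    = $name
            RawValue = $raw
            Setting  = $setting
            # A value of 2 means the DC rejects binds that do not meet the
            # requirement, which matches the SEPM failure described above.
            Enforced = ($raw -eq 2)
        }
    }
}

Get-LdapBindPolicy | Format-Table -AutoSize
```

A row showing LDAPServerIntegrity with the setting "Require signing" matches the cause given in this article. If a Group Policy object defines the setting, it rewrites the registry value at the next policy refresh, so check the value again after any change.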