Microsoft Active Directory Import will not connect to Domain Controller

Article ID: 152776


Products

IT Management Suite, Client Management Suite

Issue/Introduction

The Notification Server is unable to connect to a domain using the Altiris Directory Connector. The Notification Server may not be in the domain that it is trying to connect to.

The following error will be seen on the rule when looking at the Microsoft Active Directory Import page.

The import rule has failed. The server is not operational.

The following errors will be found in the a.log file.

Priority: 1
Host Name: Servername
Process: aexsvc.exe (1844)
Module: AltirisNativeHelper.dll
Source: Altiris.DirectoryServices.DirectoryExport.LDAPExporterThread.GetDirectoryDataFromPath
Description: While getting directory data from 'LDAP Path', exception 'System.Runtime.InteropServices.COMException' caught in 'GetDirectoryDataFromPath'. Reason: The server is not operational ( Unhandled exception.  Type=System.Runtime.InteropServices.COMException Msg=The server is not operational Src=System.DirectoryServices
StackTrace=
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindAll()
   at Altiris.DirectoryServices.DirectoryExport.LDAPExporterThread.GetDirectoryDataFromPath()
COM Exception errcode = -2147016646 )


Process: aexsvc.exe (1844)
Module: AltirisNativeHelper.dll
Source: Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask
Description: While DoDirectoryImportTask for import rule Import Computer resources from (ServerName) starting from Root and using the default column mappings. Import all computers on the specified schedules. System.Runtime.InteropServices.COMException caught in DoDirectoryImportTask. Reason: The server is not operational ( Unhandled exception.  Type=System.Runtime.InteropServices.COMException Msg=The server is not operational Src=System.DirectoryServices
StackTrace=
   at Altiris.DirectoryServices.NSDirectoryItems.DirectoryImportTask.DoDirectoryImportTask(String taskid, String importXml, Boolean bUpdateImport)
COM Exception errcode = -2147016646 )

The error code -2147016646 translates to 8007203A in hexadecimal.

Environment

8.x

Cause

The Altiris Directory Connector uses a secure direct connection to the domain controller.  This call requires the Notification Server to be able to resolve the DNS name of the domain.

Resolution

There are two possible ways to resolve this issue:
  1. Make the Notification Server a member server of your domain. This will establish a direct connection to the domain controller.
  2. Make sure the domain controller is listed in a DNS zone that the Notification Server can resolve. This does not require the server to be a member server, which allows you to connect to a different domain. You can validate this connection by running nslookup against the domain name. If the name can be resolved, the connector will also be able to resolve it.
  3. Add the full DNS name to the HOSTS file on the Notification Server. The rule looks up computername.domain as it tries to enumerate the containers and contents, and if it cannot find the full name, it will fail. For instance, if the computer name is DomController in the generic.dom domain, then you need to add the IP for domcontroller.generic.dom to HOSTS. You may need other entries, but in tests, this was the key.
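
A resolution check for options 2 and 3, as an added example that is not part of the original article or the vendor's code. It goes beyond the nslookup test by also querying the Windows resolver, because nslookup asks DNS servers directly and does not read HOSTS; the default names are the article's illustrative ones and the function name is hypothetical.

```powershell
# Added example, not vendor code. Run on the Notification Server.
# Default names are the article's illustrative ones; pass your own.
param(
    [string]$Domain = 'generic.dom',
    [string]$DomainController = 'DomController'
)
$dcFqdn = "$DomainController.$Domain"

function Test-NameResolution {
    param([Parameter(Mandatory)][string]$Name)

    # Windows resolver: HOSTS file first, then DNS (what a HOSTS entry relies on).
    $systemIps = @()
    try {
        $systemIps = @([System.Net.Dns]::GetHostAddresses($Name) |
            ForEach-Object { $_.IPAddressToString })
    } catch { }

    # DNS servers only, HOSTS ignored: the view an nslookup test gives.
    $dnsIps = @(Resolve-DnsName -Name $Name -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

    [pscustomobject]@{
        Name           = $Name
        SystemResolver = if ($systemIps) { $systemIps -join ', ' } else { 'FAILED' }
        DnsOnly        = if ($dnsIps) { $dnsIps -join ', ' } else { 'FAILED' }
    }
}

# Active (uncommented) HOSTS lines that name the domain controller's full DNS name.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$pattern = '^\s*[^#\s]+\s+([^#]*\s)?' + [regex]::Escape($dcFqdn) + '(\s|#|$)'
$hostsEntries = @(Get-Content -Path $hostsPath | Where-Object { $_ -match $pattern })

$results = @($Domain, $dcFqdn | ForEach-Object { Test-NameResolution -Name $_ })
$results | Format-Table -AutoSize
if ($hostsEntries) { "HOSTS entries for ${dcFqdn}:"; $hostsEntries } else { "No active HOSTS entry for $dcFqdn" }

if ($results | Where-Object { $_.SystemResolver -eq 'FAILED' }) {
    Write-Warning "A name does not resolve on this server; expect the import rule to fail."
}
```

A name that shows an address under SystemResolver but FAILED under DnsOnly is being served from HOSTS, so it will stop resolving if that entry is removed or the domain controller's IP changes.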