Active Directory connection stops within a minute of saving the ICDx configuration

Article ID: 174785

Products

ICDx

Issue/Introduction

The Active Directory (AD) connection stops within a minute of saving the ICDx configuration.

  • An error similar to the following appears at the Linux CLI as output from the ICDx installer or appears in the installation log:
    2019-05-15 17:59:25,984 [main] ERROR c.s.p.identity.ldap.LdapIdentityProvider - Failed startup connection to LDAP server [ldaps://hostname.domain.tld:636] using Bind User [[email protected]] err=[simple bind failed: hostname.domain.tld:636]

     
  • Within the target AD server, the Authentication Log does not appear to have an Audit Failure event containing the username used for the binding credentials in the ICDx Active Directory configuration.
     

Environment

  • ICDx installer version 1.2.0
  • Ubuntu 16.04

Resolution

Symantec is investigating at this time.

 

To eliminate the possibility of a simple networking issue:

  1. At the Linux CLI of the ICDx machine, type:
    ssh 10.0.0.10 -p 636

    ...where 10.0.0.10 is the IP address of the AD Server and 636 is the port listening for LDAPS bind requests.
     
  2. If the connection is immediately rejected, troubleshoot the intervening network connectivity based on whatever error appears.
  3. If the ssh command appears to pause without returning to the command prompt, then the basic SSL connectivity to the IP and port works. In this scenario, ICDx may need to import the certificate used by the LDAPS service on the AD server.
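
The steps above separate a refused connection from a port that accepts connections but may present a certificate ICDx does not trust. The following added example, which is not part of the original article or Symantec's tooling, sorts the output of openssl s_client into those cases. The function names are hypothetical, the sample outputs are constructed, and it assumes openssl and coreutils timeout are installed on the ICDx machine.

```sh
#!/bin/sh
# Added example (not Symantec's code). Function names are hypothetical.
# Assumes openssl and coreutils timeout are installed on the ICDx machine.

# Classify captured `openssl s_client` output read from stdin. Prints one of:
#   refused        - port closed or rejected (step 2: troubleshoot the network)
#   no_handshake   - no TLS session completed (timeout, filtering, non-TLS listener)
#   untrusted_cert - TLS works but the chain did not verify (step 3: import the cert)
#   trusted_cert   - TLS works and the chain verified against openssl's CA store
classify_s_client() {
    out=$(cat)
    case "$out" in
        *"Connection refused"*) echo refused; return 0 ;;
    esac
    # openssl prints "Verify return code: N (...)" only after a completed handshake.
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$code" ]; then
        echo no_handshake
    elif [ "$code" -eq 0 ]; then
        echo trusted_cert
    else
        echo untrusted_cert
    fi
}

# Live check against the AD server, e.g.: check_ldaps 10.0.0.10 636
# openssl's CA store may differ from the trust store ICDx uses (assumption).
check_ldaps() {
    timeout 10 openssl s_client -connect "$1:${2:-636}" </dev/null 2>&1 |
        classify_s_client
}

# Constructed sample outputs (abbreviated), so the classifier runs offline.
SAMPLE_REFUSED='connect: Connection refused
connect:errno=111'
SAMPLE_UNTRUSTED='CONNECTED(00000003)
    Verify return code: 21 (unable to verify the first certificate)'
SAMPLE_TRUSTED='CONNECTED(00000003)
    Verify return code: 0 (ok)'

for s in "$SAMPLE_REFUSED" "$SAMPLE_UNTRUSTED" "$SAMPLE_TRUSTED" ""; do
    printf '%s\n' "$s" | classify_s_client
done
```

An untrusted_cert result corresponds to the case in step 3 where the certificate used by the LDAPS service may need to be imported.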