Adding Active Directory Authentication Source fails

Article ID: 382471


Products

VMware Aria Suite

Issue/Introduction

Adding Active Directory Authentication Source fails with “Test unsuccessful for ldap:” and “Host Unreachable. Reason: SocketTimeoutException: connection timed out” messages for the Host.

 

Environment

Aria Operations 8.x

Cause

The most likely cause is the network security configuration (for example, a firewall).

Resolution

Confirm that the network security configuration is preventing connections to port 636 on the Active Directory host from the VMware Aria Operations nodes.
From a root shell on a VMware Aria Operations node, run tests such as:

curl -k -v telnet://AD_HOST:636 

echo | timeout 1 openssl1 s_client -showcerts -connect AD_HOST:636 2>/dev/null | openssl x509  -noout -issuer -subject -dates

where AD_HOST is the FQDN of the Active Directory host that is to be used as the authentication source.

If these command-line tests fail with timeouts, you have confirmed that the error messages “Test unsuccessful for ldap:” and “Host Unreachable. Reason: SocketTimeoutException: connection timed out”, returned by running the TEST of the VMware Aria Operations Active Directory Authentication Source configuration, are caused by something other than the VMware Aria Operations product code. Network security configuration (like a firewall) is the most likely cause.

Work with your network security team to allow the test commands to connect.
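
The checks above can be combined into one script that reports which stage fails: name resolution, the TCP connection to port 636, or the TLS handshake. This is an added example, not part of the original article or of any VMware tooling; the function names, the 5-second timeout and the OPENSSL_BIN variable are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: classify why an LDAPS probe to the AD host fails.
# All names below are hypothetical helpers written for this example.

# Map the exit status of `timeout N bash -c 'exec 3<>/dev/tcp/HOST/PORT'`
# to a diagnosis.
classify_tcp_rc() {
  case "$1" in
    0)   echo "open" ;;     # TCP handshake completed
    124) echo "timeout" ;;  # GNU timeout fired: packets are being silently
                            # dropped, which matches "connection timed out"
    *)   echo "refused" ;;  # immediate failure: reset/reject, or no listener
  esac
}

probe_tcp() {  # usage: probe_tcp HOST PORT [SECONDS]
  local host=$1 port=$2 secs=${3:-5} rc=0
  # $0 and $1 inside the inner shell are HOST and PORT.
  timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" \
    2>/dev/null || rc=$?
  classify_tcp_rc "$rc"
}

probe_ldaps() {  # usage: probe_ldaps AD_HOST [PORT]
  local host=$1 port=${2:-636} state
  local ssl=${OPENSSL_BIN:-openssl}  # assumption: override if the node uses another binary
  if ! getent hosts "$host" >/dev/null; then
    echo "dns_failure"; return 1
  fi
  state=$(probe_tcp "$host" "$port")
  if [ "$state" != "open" ]; then
    echo "tcp_$state"; return 1
  fi
  # TCP works; confirm the listener completes a TLS handshake and presents
  # a certificate that x509 can parse.
  if echo | timeout 5 "$ssl" s_client -connect "$host:$port" 2>/dev/null |
       "$ssl" x509 -noout -subject -dates >/dev/null 2>&1; then
    echo "tls_ok"
  else
    echo "tls_failure"; return 1
  fi
}

# Run only when a host is given, e.g.: ./ldaps_probe.sh AD_HOST
if [ "$#" -ge 1 ]; then probe_ldaps "$@"; fi
```

A result of tcp_timeout from every Aria Operations node is the case to take to the network security team; tcp_refused or tls_failure point at the Active Directory host's LDAPS listener instead.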