Active Directory integration in Aria Operations for Logs fails with "AD authentication failed"


Article ID: 410785


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

AD authentication failed

  • The "/storage/core/loginsight/var/runtime.log" contains the following error:

at java.util.concurrent.ForkJoinTask.doExec(Unknown Source) [?:?]
at java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(Unknown Source) [?:?]
at java.util.concurrent.ForkJoinPool.scan(Unknown Source) [?:?]
at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source) [?:?]
at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source) [?:?]
Caused by: com.vmware.loginsight.commons.exceptions.AuthenticationException: Invalid or untrusted domain '<Domain-Name>.
at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.getActiveDirectoryConfigurationAttributes(ActiveDirectoryQueryHelper.java:972) ~[auth-lib.jar:?]
at com.vmware.loginsight.aaa.ad.ActiveDirectoryValidator.validateActiveDirectoryConnection(ActiveDirectoryValidator.java:102) ~[auth-lib.jar:?]
... 44 more

Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090346, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4f7c]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) ~[?:?]

  • If the "/storage/core/loginsight/var/runtime.log" contains the following error (LdapErr: DSID-0C09035C), it indicates that the Active Directory server has baseline hardening that does not allow a simple bind to occur without an encrypted transport:

Unable to validate Active Directory credentials. Please check your Active Directory DNS name, port, and SSL settings as well as your username and password.; AuthenticationNotSupportedException:
[LDAP: error code 8 - 00002928: LdapErr: DSID-0C09035C, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v65f4
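
One way to triage runtime.log for the two signatures quoted above, as an added example that is not part of the original article or the product's own tooling. The function names, labels and sample lines (including the error code 49 entry) are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Bracketed Active Directory LDAP diagnostic, in the shape shown in the excerpts above.
LDAP_ERR = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]{8}), comment: (?P<comment>.*?), data"
)
UNTRUSTED = re.compile(r"AuthenticationException: Invalid or untrusted domain")

def classify(line):
    """Return (label, dsid) for one runtime.log line, or None if unrelated."""
    m = LDAP_ERR.search(line)
    if m:
        # Error code 8 with this comment: the domain controller refused the
        # bind because neither signing nor SSL/TLS was active on the connection.
        if m["code"] == "8" and "integrity checking" in m["comment"]:
            return ("bind-rejected-signing-or-tls-required", m["dsid"])
        return ("ldap-error-" + m["code"], m["dsid"])
    if UNTRUSTED.search(line):
        return ("invalid-or-untrusted-domain", None)
    return None

def summarize(lines):
    """Count each distinct finding across an iterable of log lines."""
    return Counter(f for f in map(classify, lines) if f)

# Constructed sample input modelled on the excerpts in this article.
SAMPLE = """\
Caused by: com.vmware.loginsight.commons.exceptions.AuthenticationException: Invalid or untrusted domain 'example.test'.
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090346, comment: The server requires binds to turn on integrity checking if SSL\\TLS are not already active on the connection, data 0, v4f7c]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) ~[?:?]
[LDAP: error code 8 - 00002928: LdapErr: DSID-0C09035C, comment: The server requires binds to turn on integrity checking if SSL\\TLS are not already active on the connection, data 0, v65f4
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580]
""".splitlines()

if __name__ == "__main__":
    # Pass the path to runtime.log as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE
    for (label, dsid), n in summarize(lines).items():
        print(f"{n:4d}  {label}  {dsid or '-'}")
```
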

Environment

VMware Aria Operations for Logs 8.x

VCF Operations for Logs 9.0

Cause

The complete Active Directory certificate trust chain was not imported into Aria Operations for Logs (Aria Operations for Logs >> Management >> Certificates).

Resolution

To resolve the integration issue between Active Directory and Aria Operations for Logs, follow these steps:

  • Delete the existing Active Directory thumbprint from Aria Operations for Logs.
        Aria Operations for Logs >> Management >> Certificates
  • Add Active Directory integration in Aria Operations for Logs
  • Run the "Test connection" and then Accept the certificate that pops up to finish validation.
  • Click "Save".

Additional Information

If the above steps do not resolve the issue, review the Active Directory server’s baseline hardening. You can either disable it or adjust the setting that blocks simple binds.