Event ID: 12545 Could not connect to Active Directory/LDAP Server. 

1. Failure to connect to an Active Directory/LDAP server
Phenomenon

The following event is output to Event Viewer.

Log Level: warn

Message:

[Overview]
Could not connect to Active Directory/LDAP Server.

[Detail]
(Log details)

Description

Failure to connect to an Active Directory/LDAP server.

Support

Check whether the following parameters in the configuration file are configured correctly.

  • ldap addresses, port, user, password, and base_dn

Check whether the Active Directory/LDAP servers are operating properly.

When an LDAPS connection is enabled, check whether LDAPS is correctly configured on Active Directory.

2. Although connection to Active Directory was attempted via LDAP, only connection using LDAPS is allowed for Active Directory
Phenomenon

The following event is output to Event Viewer.

Log Level: warn

Message:

[Overview]
Could not connect to Active Directory/LDAP Server.

[Detail]
LDAP Result Code 8 "Strong Auth Required": 00002028: LdapErr: DSID-0C09027F, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839 (127.0.0.1)

Description

Although connection to Active Directory was attempted via LDAP, only connection using LDAPS is allowed for Active Directory.

Support

Take any of the following actions.

  • Allow LDAP communication on Active Directory
  • Enable STARTTLS on Directory Sync

Also, specify start_tls for ad.ldap.server.encryption.

3. Connection to Active Directory’s port 636 was attempted, but Active Directory denied the connection
Phenomenon

The following event is output to Event Viewer.

Log Level: warn

Message:

[Overview]
Could not connect to Active Directory/LDAP Server.

[Detail]
unable to read LDAP response packet: read tcp (IP address) : (Port number) -> (IP address) :636: wsarecv: An existing connection was forcibly closed by the remote host. (IP address)

Description

Connection to Active Directory’s port 636 was attempted, but Active Directory denied the connection.

Support

Check the following.

  • Check for settings on Active Directory that cause it to deny the connection
  • When STARTTLS is enabled on Directory Sync, check whether 389 is specified as the connection port

STARTTLS communication must be started on port 389, not on port 636.

4. Although a request was sent to Active Directory via LDAP, there are no viewing privileges
Phenomenon

The following event is output to Event Viewer.

Log Level: error

Message:

[Overview]
Could not connect to Active Directory/LDAP Server.

[Detail]
#<ActiveLdap::AuthenticationError: All authentication methods for ldap://(IP address) (StartTLS) exhausted.> (IP address)

Description

Although a request was sent to Active Directory via LDAP, there are no viewing privileges.

Support

Check whether users for connecting to Active Directory have privileges to view all users and groups that will be synchronized over Active Directory.

5. Failed to connect to all Active Directory/LDAP servers
Phenomenon

The following event is output to Event Viewer.

Log Level: error

Message:

[Overview]
Could not connect to Active Directory/LDAP Server.

[Detail]
Could not Connect to ALL Active Directory/LDAP Server : (IP address of the LDAP server)

Description

Failed to connect to all Active Directory/LDAP servers.

Support

Check whether the following parameters in the configuration file are configured correctly.

  • ldap addresses, port, user, password, and base_dn

Check whether the Active Directory/LDAP servers are operating properly.

When an LDAPS connection is enabled, check whether LDAPS is correctly configured on Active Directory.
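
All five cases share the same [Overview] text, so only the [Detail] text tells them apart. The triage helper below is an added example, not part of the product or its documentation; it maps a [Detail] string to the matching case and also flags the start_tls-with-port-636 mismatch from case 3. The function name, the port/encryption parameters and the sample Detail strings (constructed, with documentation-range IP addresses) are assumptions.

```python
import re

# Signatures from the [Detail] text of the cases on this page (case 1 is the fallback).
SIGNATURES = [
    (2, re.compile(r'LDAP Result Code 8 "Strong Auth Required"'),
     "plain LDAP bind rejected: allow LDAP on Active Directory or enable STARTTLS"),
    (3, re.compile(r"unable to read LDAP response packet:.*:636: wsarecv"),
     "Active Directory closed the connection on port 636: check its settings"),
    (4, re.compile(r"ActiveLdap::AuthenticationError"),
     "check that the connecting user may view all synchronized users and groups"),
    (5, re.compile(r"Could not Connect to ALL Active Directory/LDAP Server"),
     "all servers failed: check addresses, port, user, password and base_dn"),
]
FALLBACK = (1, "check addresses, port, user, password, base_dn and server status")

def triage(detail, port=None, encryption=None):
    """Map an Event ID 12545 [Detail] string to (case number, advice).

    port and encryption are the Directory Sync connection settings, if known;
    they are hypothetical parameters of this example.
    """
    for case, pattern, advice in SIGNATURES:
        if pattern.search(detail):
            # Case 3: STARTTLS must be started on port 389, not on port 636.
            if case == 3 and encryption == "start_tls" and port == 636:
                advice = "start_tls is set with port 636: use port 389 instead"
            return case, advice
    return FALLBACK

# Constructed sample Detail strings (192.0.2.0/24 is a documentation range).
SAMPLES = {
    "signing": 'LDAP Result Code 8 "Strong Auth Required": 00002028: LdapErr: '
               "DSID-0C09027F, comment: The server requires binds to turn on "
               "integrity checking if SSL\\TLS are not already active on the "
               "connection, data 0, v3839 (192.0.2.20)",
    "reset": "unable to read LDAP response packet: read tcp 192.0.2.10:50123->"
             "192.0.2.20:636: wsarecv: An existing connection was forcibly "
             "closed by the remote host. (192.0.2.20)",
    "auth": "#<ActiveLdap::AuthenticationError: All authentication methods for "
            "ldap://192.0.2.20 (StartTLS) exhausted.> (192.0.2.20)",
    "all": "Could not Connect to ALL Active Directory/LDAP Server : 192.0.2.20",
    "other": "connection attempt timed out (constructed, matches no signature)",
}

if __name__ == "__main__":
    for name, detail in SAMPLES.items():
        print(name, triage(detail))
    print(triage(SAMPLES["reset"], port=636, encryption="start_tls"))
```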