veehexx Posted January 17, 2019

We're using the ESMC Hyper-V appliance (currently migrating away from ERA 6.5). ESMC is domain joined and we're attempting to sync groups.

I've found that one of our AD servers isn't liking talking to ESMC (the PDC, if that matters) and will refuse to populate the domain under the 'Distinguished Name' part of the task, yet the secondary AD works fine. I assume firewall, but as far as we're aware it's only the ESMC having trouble.

Ideally we'd like to use our DNS-RR record for AD comms (ldap.domain.com) rather than a single defined server.

Any suggestions on where to start investigating why? The only hint I'm getting on the failing server is:

Quote
Error loading data: Active directory browsing failed. Check input server parameters and AD availability.: Trace info: SearchLdap: 'ldapsearch' failed with 254 exit code, stderr:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)

MartinK (ESET Staff) Posted January 18, 2019

Could you please check whether the hints in the older topic "Virtual Appliance Multiple Domains and other issues" help in your case? It seems that credentials for the secondary AD are not available... Any chance this appliance is joined to the domain managed by the working AD?