Failed to load data on AD Sync

Trying to sync with Windows Server AD groups on a Windows Server 2012 R2 Operations Master.

Server specified by IP

Login: domain\username

Password is correct

Error is as follows:

Failed to load data: Active directory browsing failed. Check input server parameters and AD availability.: Trace info: First attempt failed to get rootDSE: The server is not operational. Error code: 0x8007203a. Second attemp with anonymous bind failed to get rootDSE: The server is not operational. Error code: 0x8007203a

What is my next step to resolve this? I see a lot of unanswered questions related to this.

  • Administrators

Please refer to this help:



ESET PROTECT Server on Windows uses the encrypted LDAPS (LDAP over SSL) protocol by default for all Active Directory (AD) connections. You can also configure LDAPS on ESET PROTECT Virtual Appliance.

For a successful AD connection over LDAPS, configure the following:

1. The domain controller must have installed a machine certificate. To issue a certificate for your domain controller, follow the steps below:

   a) Open the Server Manager, click Manage > Add Roles and Features and install the Active Directory Certificate Services > Certification Authority. A new Certification Authority will be created in Trusted Root Certification Authorities.

   b) Navigate to Start > type certmgr.msc and press Enter to run the Certificates Microsoft Management Console snap-in > Certificates - Local Computer > Personal > right-click the empty pane > All Tasks > Request New Certificate > Enroll Domain Controller role.

   c) Verify that the issued certificate contains the FQDN of the domain controller.

   d) On your ESET PROTECT server, import the CA you generated to the cert store (using certmgr.msc tool) to the trusted CAs folder.

2. When providing connection settings to the AD server, type the FQDN of the domain controller (as provided in the domain controller certificate) in the Server or Host field. IP address is no longer sufficient for LDAPS.

To enable fallback to LDAP protocol, select the check box Use LDAP instead of Active Directory and type the specific attributes to match your server.

Should the problem persist, raise a support ticket please.
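
One way to check both LDAPS prerequisites from the ESET PROTECT server before retrying the sync, as an added example that is not part of the original post or of ESET's documentation. The function name is hypothetical, `dc01.corp.example` is a placeholder FQDN, and Windows PowerShell 5.1 is assumed:

```powershell
# Added example. Connects to the LDAPS port, records how Windows validates the
# domain controller certificate, and reports the names the certificate carries.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,  # value typed in "Server or Host"
        [int] $Port = 636                         # standard LDAPS port
    )

    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    # Record validation errors instead of aborting, so both checks are reported.
    $recorder = {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors
        $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] $recorder

    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)  # $Server is the name the certificate must match

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # OID 2.5.29.17 is the Subject Alternative Name extension.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $nameFlag  = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
        $chainFlag = [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors

        [pscustomobject]@{
            Server          = $Server
            Subject         = $cert.Subject
            SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
            NotAfter        = $cert.NotAfter
            NameMatches     = ($state.Errors -band $nameFlag) -eq 0   # step 1c / step 2
            ChainTrusted    = ($state.Errors -band $chainFlag) -eq 0  # step 1d
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Test-LdapsCertificate -Server 'dc01.corp.example'
```

`NameMatches` is False when the value passed as `-Server` (for example an IP address) is not among the names in the certificate. `ChainTrusted` is False when the chain does not validate on the machine running the check, for example because the issuing CA has not been imported as in step d).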
