SteveInVT 0
Posted May 18, 2023

Trying to sync with Windows Server AD groups on a Windows Server 2012 R2 Operations Master.

Server specified by IP
Login: domain\username
Password is correct

Error is as follows-

Failed to load data: Active directory browsing failed. Check input server parameters and AD availability.: Trace info: First attempt failed to get rootDSE: The server is not operational. Error code: 0x8007203a. Second attemp with anonymous bind failed to get rootDSE: The server is not operational. Error code: 0x8007203a

What is my next step to resolve this? I see a lot of unanswered questions related to this.

Administrators Marcos 5,468
Posted May 18, 2023

Please refer to this help: https://help.eset.com/protect_admin/10.0/en-US/st_user_synchronization.html

ESET PROTECT Server on Windows uses the encrypted LDAPS (LDAP over SSL) protocol by default for all Active Directory (AD) connections. You can also configure LDAPS on ESET PROTECT Virtual Appliance.

For a successful AD connection over LDAPS, configure the following:

1. The domain controller must have installed a machine certificate. To issue a certificate for your domain controller, follow the steps below:

   a) Open the Server Manager, click Manage > Add Roles and Features and install the Active Directory Certificate Services > Certification Authority. A new Certification Authority will be created in Trusted Root Certification Authorities.

   b) Navigate to Start > type certmgr.msc and press Enter to run the Certificates Microsoft Management Console snap-in > Certificates - Local Computer > Personal > right-click the empty pane > All Tasks > Request New Certificate > Enroll Domain Controller role.

   c) Verify that the issued certificate contains the FQDN of the domain controller.

   d) On your ESET PROTECT server, import the CA you generated to the cert store (using certmgr.msc tool) to the trusted CAs folder.

2. When providing connection settings to the AD server, type the FQDN of the domain controller (as provided in the domain controller certificate) in the Server or Host field. IP address is no longer sufficient for LDAPS.

To enable fallback to LDAP protocol, select the check box Use LDAP instead of Active Directory and type the specific attributes to match your server.

Should the problem persist, raise a support ticket please.
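
The checks in steps c), d) and 2 above can be confirmed from the ESET PROTECT server before retrying the sync. The following is an added example, not part of either post and not ESET code: it opens a TLS session to the LDAPS port and reports how Windows/.NET validates the domain controller's certificate, which is assumed here to approximate what the ESET PROTECT Server checks. The function name and `dc01.example.local` are placeholders.

```powershell
# Added diagnostic, not ESET code. Run it on the ESET PROTECT server.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$Server,  # value you would type in "Server or Host"
        [int]$Port = 636                        # standard LDAPS port
    )
    $state = @{ Errors = $null; Cert = $null; Failure = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $certificate, $chain, $sslPolicyErrors)
            $state.Errors = $sslPolicyErrors
            if ($certificate) {
                $state.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate
            }
            # Accept only a certificate that passes validation as-is.
            $sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($Server) } finally { $ssl.Dispose() }
    }
    catch { $state.Failure = $_.Exception.Message }
    finally { $client.Close() }

    $san = $null
    if ($state.Cert) {
        # 2.5.29.17 is the Subject Alternative Name extension.
        $ext = $state.Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($ext) { $san = $ext.Format($false) }
    }
    [pscustomobject]@{
        Server         = $Server
        Handshake      = if ($state.Failure) { $state.Failure } else { 'OK' }
        PolicyErrors   = $state.Errors
        Subject        = if ($state.Cert) { $state.Cert.Subject } else { $null }
        SubjectAltName = $san
        NotAfter       = if ($state.Cert) { $state.Cert.NotAfter } else { $null }
    }
}

# dc01.example.local is a placeholder FQDN; substitute your domain controller.
Test-LdapsCertificate -Server 'dc01.example.local' | Format-List
```

A `PolicyErrors` value of `RemoteCertificateNameMismatch` means the name passed in `-Server` is not in the certificate, which is what typically happens when an IP address is used; `RemoteCertificateChainErrors` usually means the issuing CA has not been imported into the trusted CAs on this machine. A connection failure with no certificate at all indicates that nothing is listening for LDAPS on the domain controller, for example because no machine certificate is installed yet.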