Jump to content

Failed to load data on AD Sync

SteveInVT

By SteveInVT
in General Discussion

 Share

Recommended Posts

SteveInVT

SteveInVT 0

Posted
Posted

Trying to sync with Windows Server AD groups on a Windows Server 2012 R2 Operations Master.

Server specified by IP

Login: domain\username

Password is correct

Error is as follows-

Failed to load data: Active directory browsing failed. Check input server parameters and AD availability.: Trace info: First attempt failed to get rootDSE: The server is not operational. Error code: 0x8007203a. Second attemp with anonymous bind failed to get rootDSE: The server is not operational. Error code: 0x8007203a

What is my next step to resolve this? I see a lot of unanswered questions related to this.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

Please refer to this help:

https://help.eset.com/protect_admin/10.0/en-US/st_user_synchronization.html

 

ESET PROTECT Server on Windows uses the encrypted LDAPS (LDAP over SSL) protocol by default for all Active Directory (AD) connections. You can also configure LDAPS on ESET PROTECT Virtual Appliance.

For a successful AD connection over LDAPS, configure the following:

1.The domain controller must have installed a machine certificate. To issue a certificate for your domain controller, follow the steps below:

a)Open the Server Manager, click Manage > Add Roles and Features and install the Active Directory Certificate Services > Certification Authority. A new Certification Authority will be created in Trusted Root Certification Authorities.

b)Navigate to Start > type certmgr.msc and press Enter to run the Certificates Microsoft Management Console snap-in > Certificates - Local Computer > Personal > right-click the empty pane > All Tasks > Request New Certificate > Enroll Domain Controller role.

c)Verify that the issued certificate contains the FQDN of the domain controller.

d)On your ESET PROTECT server, import the CA you generated to the cert store (using certmgr.msc tool) to the trusted CAs folder.

 

2.When providing connection settings to the AD server, type the FQDN of the domain controller (as provided in the domain controller certificate) in the Server or Host field. IP address is no longer sufficient for LDAPS.

To enable fallback to LDAP protocol, select the check box Use LDAP instead of Active Directory and type the specific attributes to match your server.

Should the problem persist, raise a support ticket please.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...