
Posted

Trying to sync with Windows Server AD groups on a Windows Server 2012 R2 Operations Master.

Server specified by IP

Login: domain\username

Password is correct

Error is as follows:

Failed to load data: Active directory browsing failed. Check input server parameters and AD availability.: Trace info: First attempt failed to get rootDSE: The server is not operational. Error code: 0x8007203a. Second attemp with anonymous bind failed to get rootDSE: The server is not operational. Error code: 0x8007203a

What is my next step to resolve this? I see a lot of unanswered questions related to this.

Administrators
Posted

Please refer to this help:

https://help.eset.com/protect_admin/10.0/en-US/st_user_synchronization.html


ESET PROTECT Server on Windows uses the encrypted LDAPS (LDAP over SSL) protocol by default for all Active Directory (AD) connections. You can also configure LDAPS on ESET PROTECT Virtual Appliance.

For a successful AD connection over LDAPS, configure the following:

1. The domain controller must have a machine certificate installed. To issue a certificate for your domain controller, follow the steps below:

a) Open the Server Manager, click Manage > Add Roles and Features and install the Active Directory Certificate Services > Certification Authority. A new Certification Authority will be created in Trusted Root Certification Authorities.

b) Navigate to Start > type certmgr.msc and press Enter to run the Certificates Microsoft Management Console snap-in > Certificates - Local Computer > Personal > right-click the empty pane > All Tasks > Request New Certificate > Enroll Domain Controller role.

c) Verify that the issued certificate contains the FQDN of the domain controller.

d) On your ESET PROTECT server, import the CA you generated to the cert store (using the certmgr.msc tool) in the trusted CAs folder.

2. When providing connection settings to the AD server, type the FQDN of the domain controller (as provided in the domain controller certificate) in the Server or Host field. An IP address is no longer sufficient for LDAPS.

To enable fallback to LDAP protocol, select the check box Use LDAP instead of Active Directory and type the specific attributes to match your server.

Should the problem persist, please raise a support ticket.
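The steps above can be checked one at a time before touching the ESET PROTECT configuration. The following PowerShell script is an added example, not ESET's code or part of the help article: run it on the ESET PROTECT server, with `$DcFqdn` replaced by your domain controller's FQDN (the value shown is a placeholder). It resolves the name, confirms TCP 636 is open, performs a TLS handshake and reports whether the presented certificate names the FQDN (step 1c) and chains to a CA this host trusts (step 1d), then binds with the sync account and reads rootDSE, which is exactly what the error in the first post says could not be retrieved.

```powershell
# Added example (not from ESET): pre-flight checks for an ESET PROTECT -> AD
# connection over LDAPS. Run on the ESET PROTECT server as an administrator.
param(
    [string]$DcFqdn = 'dc01.corp.example',   # placeholder, replace with your DC's FQDN
    [int]$Port = 636                          # LDAPS port
)

# 1. The name must resolve. Entering an IP address in ESET PROTECT cannot work
#    for LDAPS because the certificate is issued to the DC's FQDN, not its IP.
$resolved = Resolve-DnsName -Name $DcFqdn -Type A -ErrorAction Stop
Write-Host "Resolved $DcFqdn -> $($resolved.IPAddress -join ', ')"

# 2. Is TCP 636 reachable from this host at all (firewall, LDAPS not enabled)?
$tcp = Test-NetConnection -ComputerName $DcFqdn -Port $Port
if (-not $tcp.TcpTestSucceeded) { throw "TCP $Port on $DcFqdn is not reachable" }

# 3. TLS handshake: accept any certificate here, but record the validation
#    result so we can print it instead of failing blindly.
$script:chainErrors = $null
$validator = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $script:chainErrors = $errors
    return $true
}
$client = New-Object System.Net.Sockets.TcpClient($DcFqdn, $Port)
$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $validator)
$ssl.AuthenticateAsClient($DcFqdn)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $client.Dispose()

Write-Host "Subject : $($cert.Subject)"
Write-Host "Issuer  : $($cert.Issuer)"
Write-Host "Expires : $($cert.NotAfter)"
Write-Host "Chain   : $script:chainErrors"   # 'None' means the issuing CA is trusted locally

# Subject Alternative Name extension (OID 2.5.29.17) must carry the DC's FQDN (step 1c).
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($san) { $san.Format($false) } else { '(no SAN extension)' }
Write-Host "SAN     : $sanText"
if ($sanText -notmatch [regex]::Escape($DcFqdn)) {
    Write-Warning "Certificate does not name $DcFqdn; re-check step 1c of the help article"
}
if ($script:chainErrors -ne [System.Net.Security.SslPolicyErrors]::None) {
    Write-Warning "Chain is not trusted on this host; import the issuing CA as in step 1d"
}

# 4. Bind over LDAPS with the account ESET PROTECT will use (DOMAIN\username)
#    and read rootDSE, the object the ESET error says it failed to get.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$cred = Get-Credential -Message 'Account used for AD sync (DOMAIN\username)'
$id = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DcFqdn, $Port, $true, $false)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred.GetNetworkCredential(), 'Negotiate')
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion = 3
$conn.Bind()   # throws if the TLS session or the credentials are rejected
$req = New-Object System.DirectoryServices.Protocols.SearchRequest('', '(objectClass=*)', 'Base', 'defaultNamingContext')
$resp = $conn.SendRequest($req)
Write-Host "rootDSE defaultNamingContext: $($resp.Entries[0].Attributes['defaultNamingContext'][0])"
$conn.Dispose()
```

If step 3 prints a chain error, the certificate itself is usually fine and the missing piece is the issuing CA in this server's Trusted Root store; if the SAN warning fires, the DC certificate must be re-issued with the FQDN. Only once both are clean does the FQDN entered in the Server or Host field stand a chance of working, and the "Use LDAP instead of Active Directory" fallback described above drops to unencrypted LDAP, so it is better kept as a diagnostic than as the permanent setting.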
