Showing results for 
Search instead for 
Did you mean: 
Level 7

Will EEPC 6.0.x work with LDAP in separate domain?

My main question is could an ePO 4.5 (patch 3) server synch users from an domain controller server in a separate "child" domain (in the same forest)? Is that a supported scenario? Or does the ePO server really need to be in the same domain as the LDAP it is synching users from, as I have seen suggested in other posts.

Our ePO server is a member of the top level forest domain (, and the primary domain where our users are is a separate domain in this forest. We are just now getting into EEPC 6 patch 1 set up for pilot testing and have followed the steps, and configured an LDAP server in this sub domain with an account from the same domain for the LDAP authentication. However we seem to be having issues with EEPC not becoming active on new clients, and it appears to be related to the LDAP authentication failing.

Again, the LDAP server is NOT a member of,  but a child domain in this same AD forest. The account for connecting to  LDAP is also in this child domain, so I did not expect that ePO would  need to connect to the domain at all. Maybe I missed something in the documentation that  specified that ePO being in the same domain is a requirement. Assuming  this scenario should work, then do I need to set up a single account  that would have rights to both the domain, AND the sub  domain where LDAP and all of the users reside? Which domain should that  account be created in, the ePO server's domain, or the primary LDAP domain? I  would appreciate any suggestions and help.

Here is an excerpt from the debug log on one of the clients where EEPC won't go active:

2011-2-1 0:3:6,111 DEBUG MfeEpeHost From uuid = B115AA20-0396-4F41-A230-F61AE50E1DF7 From Service =  To uuid =  To Service = MfeEpeServiceDCServer Message = <element xsi:type="ns1Smiley Very HappyCDataMsg"><sendTo serviceName="MfeEpeServiceDCServer" xsi:type="ns1:MfeEpeAddress"></sendTo><name>EEADMIN_1000_AddDomainUsersExc</name><data>
    &lt;message&gt;Unable to connect to any domain controllers for domain: Last error was: Unable to authenticate with the LDAP server. Verify the username and password are correct.&lt;/message&gt;
2011-2-1 0:3:6,111 ERROR EpoPlugin [0xEE000005] Failed to deserialize type

Message was edited by: dmartin on 2/3/11 1:07:51 AM CST
0 Kudos