Level 7
Message 1 of 5

AD Synchronization failure

Hello,
I'm having trouble synchronizing AD with ePO 4.5.
I get this error in orion.log:
2009-10-19 14:55:24,755 WARN [http-8443-Processor23] ldap.LdapAction - [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
com.mcafee.orion.ldap.LdapException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.connect(LdapConnectionImpl.java:133)
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.<init>(LdapConnectionImpl.java:75)
at com.mcafee.orion.ldap.LdapServerType.getConnection(LdapServerType.java:87)
at com.mcafee.orion.ldap.LdapAction.getTreeAttrs(LdapAction.java:122)
at com.mcafee.orion.ldap.LdapAction.testConnection(LdapAction.java:100)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.mcafee.orion.core.servlet.mvc.MvcActionFactoryBase.executeAction(MvcActionFactoryBase.java:60)
at com.mcafee.orion.core.servlet.ControllerServlet.executeAction(ControllerServlet.java:246)
at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:131)
at com.mcafee.orion.core.servlet.ControllerServlet.doPost(ControllerServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:482)
at com.mcafee.orion.core.server.AjaxValve.invoke(AjaxValve.java:88)
at com.mcafee.orion.core.server.OrionUserSetupValve.invoke(OrionUserSetupValve.java:54)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:420)
at com.mcafee.orion.core.server.OrionSingleSignOn.invoke(OrionSingleSignOn.java:113)
at com.mcafee.orion.core.server.ParameterEncodingValve.invoke(ParameterEncodingValve.java:37)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2960)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2762)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2676)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:288)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.connect(LdapConnectionImpl.java:113)
... 35 more


Anyone encountered this error?
Any help is appreciated!
Thank you!
McAfee Employee
Message 2 of 5

RE: AD Synchronization failure

Have you configured the setting for the LDAP registered server in ePO to use SSL? That may solve it.

HTH -

Joe
Level 7
Message 3 of 5

RE: AD Synchronization failure

Yes I did.
McAfee Employee
Message 4 of 5

RE: AD Synchronization failure

If that didn't help then I'm afraid I don't know - searching for that error message implied that SSL wasn't being used (as from what I can find out, you only get that message if SSL is not in use.)

Sorry 😞

Joe
Level 7
Message 5 of 5

RE: AD Synchronization failure

Read this about the AD:

http://technet.microsoft.com/en-us/library/cc778124(WS.10).aspx

Is your ePO not in the same domain? Because the correct way to bypass that problem would be to use the domain certificate to encrypt the connection. Also, the port goes from 389 (LDAP) to 636.
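
For triage of the error discussed in this thread, the following added example (not part of any post above and not McAfee code) parses the Active Directory diagnostic string from an orion.log line and separates a signing-requirement rejection from a credential failure. `PAGE_LINE` is copied from the first post; `CONSTRUCTED_LINE`, including its DSID, and the function names are made up for illustration.

```python
import re

# Diagnostic text Active Directory appends to a failed LDAP operation.
AD_DIAG = re.compile(
    r"LDAP: error code (?P<result>\d+) - (?P<ext>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)
ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028  # Win32 error 8232

# Line copied from the orion.log excerpt in the first post.
PAGE_LINE = (
    r"2009-10-19 14:55:24,755 WARN [http-8443-Processor23] ldap.LdapAction - "
    r"[LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server "
    r"requires binds to turn on integrity checking if SSL\TLS are not already "
    r"active on the connection, data 0, vece ]"
)
# Constructed line (not from the thread): a wrong-password bind, for contrast.
CONSTRUCTED_LINE = (
    "2009-10-19 15:02:11,101 WARN [http-8443-Processor7] ldap.LdapAction - "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: "
    "AcceptSecurityContext error, data 52e, vece ]"
)

def parse_ad_error(line):
    """Return the fields of an AD LDAP diagnostic, or None if the line has none."""
    m = AD_DIAG.search(line)
    if m is None:
        return None
    return {
        "result": int(m.group("result")),  # LDAP result code (RFC 4511)
        "ext": int(m.group("ext"), 16),    # extended error code, hex in the log
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data": m.group("data"),
    }

def triage(line):
    """Classify a line so a signing rejection is not mistaken for bad credentials."""
    err = parse_ad_error(line)
    if err is None:
        return "no_ad_diagnostic"
    if err["result"] == 8 and err["ext"] == ERROR_DS_STRONG_AUTH_REQUIRED:
        return "signing_required"  # unsigned bind on a non-TLS connection refused
    if err["result"] == 49:
        return "bad_credentials"
    return "other"

if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        print(triage(sample), parse_ad_error(sample))
```

A `signing_required` result means the bind reached the domain controller without TLS and without signing, so the registered server's SSL setting, port and certificate trust are the things to check rather than the account password.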