Charlz
Level 7
Message 1 of 5

AD Synchronization failure

Hello,
I'm having trouble synchronizing AD with ePO 4.5.
I get this error in orion.log
2009-10-19 14:55:24,755 WARN [http-8443-Processor23] ldap.LdapAction - [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
com.mcafee.orion.ldap.LdapException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.connect(LdapConnectionImpl.java:133)
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.<init>(LdapConnectionImpl.java:75)
at com.mcafee.orion.ldap.LdapServerType.getConnection(LdapServerType.java:87)
at com.mcafee.orion.ldap.LdapAction.getTreeAttrs(LdapAction.java:122)
at com.mcafee.orion.ldap.LdapAction.testConnection(LdapAction.java:100)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.mcafee.orion.core.servlet.mvc.MvcActionFactoryBase.executeAction(MvcActionFactoryBase.java:60)
at com.mcafee.orion.core.servlet.ControllerServlet.executeAction(ControllerServlet.java:246)
at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:131)
at com.mcafee.orion.core.servlet.ControllerServlet.doPost(ControllerServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:482)
at com.mcafee.orion.core.server.AjaxValve.invoke(AjaxValve.java:88)
at com.mcafee.orion.core.server.OrionUserSetupValve.invoke(OrionUserSetupValve.java:54)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:420)
at com.mcafee.orion.core.server.OrionSingleSignOn.invoke(OrionSingleSignOn.java:113)
at com.mcafee.orion.core.server.ParameterEncodingValve.invoke(ParameterEncodingValve.java:37)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2960)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2762)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2676)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:288)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.connect(LdapConnectionImpl.java:113)
... 35 more


Anyone encountered this error?
Any help is appreciated!
Thank you!
4 Replies
McAfee Employee JoeBidgood
Message 2 of 5

RE: AD Synchronization failure

Have you configured the setting for the LDAP registered server in ePO to use SSL? That may solve it.

HTH -

Joe
Charlz
Level 7
Message 3 of 5

RE: AD Synchronization failure

Yes I did.
McAfee Employee JoeBidgood
Message 4 of 5

RE: AD Synchronization failure

If that didn't help then I'm afraid I don't know - searching for that error message implied that SSL wasn't being used (as from what I can find out, you only get that message if SSL is not in use.)

Sorry 😞

Joe
d0x
Level 7
Message 5 of 5

RE: AD Synchronization failure

Read this about the AD:

http://technet.microsoft.com/en-us/library/cc778124(WS.10).aspx

Is your ePO not in the same domain? Because the correct way to bypass that problem would be to use the domain certificate to encrypt the connection. Also the port goes from 389 (LDAP) to 636.
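
Added example, not part of the thread and not McAfee code: a small triage script that parses the Active Directory diagnostic string from orion.log and maps the `error code 8 - 00002028` pair seen above to its cause (the DC refusing an unsigned bind on a cleartext connection). The function names and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Active Directory diagnostic text as the JNDI client logs it:
# [LDAP: error code <rc> - <win32 hex>: LdapErr: DSID-<id>, comment: <text>, data <hex>, <ver> ]
LDAP_ERR = re.compile(
    r"LDAP: error code (?P<rc>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), (?P<ver>\w+)"
)

def triage(line):
    """Return a finding dict for one log line, or None if it has no LDAP error."""
    m = LDAP_ERR.search(line)
    if m is None:
        return None
    rc, win32, data = int(m["rc"]), int(m["win32"], 16), m["data"].lower()
    if rc == 8 and win32 == 0x2028:
        # LDAP strongAuthRequired / Win32 ERROR_DS_STRONG_AUTH_REQUIRED (8232)
        cause = "signing-required"
        fix = "bind over LDAPS on port 636 with a trusted DC certificate"
    elif rc == 49 and data == "52e":
        # LDAP invalidCredentials, sub-code 52e = ERROR_LOGON_FAILURE
        cause = "invalid-credentials"
        fix = "check the bind account name and password"
    else:
        cause, fix = "unclassified", "look up the result code and Win32 error"
    return {"rc": rc, "win32": win32, "dsid": m["dsid"], "cause": cause, "fix": fix}

def summarize(lines):
    """Count findings per cause; one failed bind logs the same error several times."""
    return Counter(f["cause"] for f in map(triage, lines) if f)

# The first two lines are copied from the post above; the third is constructed for contrast.
SAMPLE = [
    r"2009-10-19 14:55:24,755 WARN [http-8443-Processor23] ldap.LdapAction - [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]",
    r"Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]",
    r"2009-10-19 15:02:11,101 WARN [http-8443-Processor7] ldap.LdapAction - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]",
]

if __name__ == "__main__":
    for cause, count in summarize(SAMPLE).items():
        print(cause, count)
```

A `signing-required` finding means the bind itself was rejected before any credentials were evaluated, so changing the account or password will not clear it.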