Charlz
Level 7
Message 1 of 5

AD Synchronization failure

Hello,
I'm having trouble synchronizing AD with ePO 4.5.
I get this error in orion.log:
2009-10-19 14:55:24,755 WARN [http-8443-Processor23] ldap.LdapAction - [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
com.mcafee.orion.ldap.LdapException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.connect(LdapConnectionImpl.java:133)
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.<init>(LdapConnectionImpl.java:75)
at com.mcafee.orion.ldap.LdapServerType.getConnection(LdapServerType.java:87)
at com.mcafee.orion.ldap.LdapAction.getTreeAttrs(LdapAction.java:122)
at com.mcafee.orion.ldap.LdapAction.testConnection(LdapAction.java:100)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.mcafee.orion.core.servlet.mvc.MvcActionFactoryBase.executeAction(MvcActionFactoryBase.java:60)
at com.mcafee.orion.core.servlet.ControllerServlet.executeAction(ControllerServlet.java:246)
at com.mcafee.orion.core.servlet.ControllerServlet.processRequest(ControllerServlet.java:131)
at com.mcafee.orion.core.servlet.ControllerServlet.doPost(ControllerServlet.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:482)
at com.mcafee.orion.core.server.AjaxValve.invoke(AjaxValve.java:88)
at com.mcafee.orion.core.server.OrionUserSetupValve.invoke(OrionUserSetupValve.java:54)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:420)
at com.mcafee.orion.core.server.OrionSingleSignOn.invoke(OrionSingleSignOn.java:113)
at com.mcafee.orion.core.server.ParameterEncodingValve.invoke(ParameterEncodingValve.java:37)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2960)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2762)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2676)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:288)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at com.mcafee.orion.ldap.internal.LdapConnectionImpl.connect(LdapConnectionImpl.java:113)
... 35 more


Anyone encountered this error?
Any help is appreciated!
Thank you!
4 Replies
McAfee Employee
Message 2 of 5

RE: AD Synchronization failure

Have you configured the setting for the LDAP registered server in ePO to use SSL? That may solve it.

HTH -

Joe
Charlz
Level 7
Message 3 of 5

RE: AD Synchronization failure

Yes I did.
McAfee Employee
Message 4 of 5

RE: AD Synchronization failure

If that didn't help then I'm afraid I don't know - searching for that error message implied that SSL wasn't being used (as from what I can find out, you only get that message if SSL is not in use.)

Sorry :(

Joe
d0x
Level 7
Message 5 of 5

RE: AD Synchronization failure

Read this about the AD:

http://technet.microsoft.com/en-us/library/cc778124(WS.10).aspx

Is your ePO not in the same domain? Because the correct way to bypass that problem would be to use the domain certificate to encrypt the connection. Also the port goes from 389 (LDAP) to 636.
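
Added example, not part of the thread or of ePO: a small Python parser for the Active Directory diagnostic string in the orion.log excerpt from the first post. It decodes LDAP result code 8 and the Win32 code 00002028 and collapses the copies repeated in the exception chain; the `advise` helper and the host name `dc.example.test` are assumptions made for illustration.

```python
import re

# Excerpt copied from the orion.log lines in the first post (message and cause).
SAMPLE = r"""
2009-10-19 14:55:24,755 WARN [http-8443-Processor23] ldap.LdapAction - [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
Caused by: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ]
"""

# AD diagnostic layout: "<win32 hex>: LdapErr: DSID-<id>, comment: <text>, data <n>"
AD_DIAG = re.compile(
    r"\[LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>.*?), data (?P<data>\w+)"
)
LDAP_RESULT = {8: "strongerAuthRequired", 49: "invalidCredentials"}  # RFC 4511
WIN32 = {0x2028: "ERROR_DS_STRONG_AUTH_REQUIRED"}


def parse_bind_failures(log_text):
    """Return one dict per distinct AD bind diagnostic found in log_text."""
    seen, findings = set(), []
    for m in AD_DIAG.finditer(log_text):
        key = (m["ldap"], m["win32"].upper(), m["dsid"])
        if key in seen:  # the exception chain repeats the same diagnostic
            continue
        seen.add(key)
        ldap, win32 = int(m["ldap"]), int(m["win32"], 16)
        findings.append({
            "ldap_code": ldap,
            "ldap_name": LDAP_RESULT.get(ldap, "unknown"),
            "win32_code": win32,
            "win32_name": WIN32.get(win32, "unknown"),
            "dsid": m["dsid"],
            "comment": m["comment"],
            "signing_required": ldap == 8 and win32 == 0x2028,
        })
    return findings


def advise(finding, ldap_url):
    """Next check for a finding; ldap_url is the configured server URL (assumed input)."""
    if not finding["signing_required"]:
        return "not a signing/TLS rejection: check other causes"
    if ldap_url.lower().startswith("ldaps://"):
        return "configured for ldaps, yet the DC reports no SSL/TLS: verify the bind really uses port 636"
    return "DC requires signed or TLS-protected binds: use ldaps on port 636 and trust the domain CA"


if __name__ == "__main__":
    for f in parse_bind_failures(SAMPLE):
        print(f["ldap_name"], f["win32_name"], "->", advise(f, "ldap://dc.example.test:389"))
```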