We have just recently changed our "old" Server 2003 domain controllers and replaced them with Server 2008 R2 (we demoted the old 2003 domain controllers).
After that operation we changed the AD sync from the old DC to the new one, but for some reason we get an LDAP error on port 389, credentials rejected. Now the LDAP port is open, but for some reason EPO or the server won't allow the connection to the LDAP port; it is even rejecting the Enterprise Admin credentials, which makes no sense.
So my question is, what happened? Might it be because of the security on Server 2008 that denies it or?
In the EPO menu under registered servers we can easily set up an LDAP test connection to the EPO server, but the log says otherwise when we try to sync with the AD.
This error happened on all 3 of the installed EPO servers we have on our site.
You can use this option (registered LDAP server) for AD sync.
Additionally, what patch version of ePO 4.5 are you using? When you write the user name/password/domain details, are you able to save the details under Group mapping, or is the Save option grayed out?
Please check if LDAP signing is enabled: http://support.microsoft.com/kb/935834
Message was edited by: hem on 26/9/12 12:34:15 AM IST
As I wrote above, when we set up an LDAP test connection in "registered servers" the test goes through fine. But the AD sync fails.
We are running patch 6.
And the LDAP require signing is enabled.
When trying to sync the AD, the log says:
EPOLDAP Bind failed, error = Invalid Credentials (49) user "domain\username", server "Servername", port 389.
Also fails on port 636 (SSL).