jawsdk
Level 7
Message 1 of 8

EPO 4.5 DC change LDAP error

Hello everyone.

We have just recently changed our "old" Server 2003 domain controllers and replaced them with Server 2008 R2 (we demoted the old 2003 domain controllers).

After that operation we changed the AD sync from the old DC to the new one, but for some reason we get an LDAP error on port 389, credentials rejected. Now the LDAP port is open, but for some reason EPO or the server won't allow the connection to the LDAP port; it is even rejecting the Enterprise Admin credentials, which makes no sense.

So my question is, what happened? Might it be because of the security on Server 2008 that denies it or?

In the EPO menu under registered servers we can easily set up an LDAP test connection to the EPO server, but the log says otherwise when we try to sync with the AD.

This error happened on all the 3 installed EPO servers we have on our site.

Smells fishy.

7 Replies
hem
Level 15
Message 2 of 8

Re: EPO 4.5 DC change LDAP error

Does AD sync also fail when you select to use the Registered LDAP server?

jawsdk
Level 7
Message 3 of 8

Re: EPO 4.5 DC change LDAP error

Yep.

hem
Level 15
Message 4 of 8

Re: EPO 4.5 DC change LDAP error

You can use this option (registered LDAP server) for AD sync.

Additionally, what patch version of ePO 4.5 are you using? When you write the user name/password/domain details, are you able to save the details under Group mapping, or is the Save option grayed out?

Please check if LDAP signing is enabled: http://support.microsoft.com/kb/935834.

Message was edited by: hem on 26/9/12 12:34:15 AM IST
jawsdk
Level 7
Message 5 of 8

Re: EPO 4.5 DC change LDAP error

As I wrote above, when we set up an LDAP test connection in "registered servers" the test goes through fine. But the AD sync fails.

We are running patch 6.

And the LDAP require signing is enabled.

jawsdk
Level 7
Message 6 of 8

Re: EPO 4.5 DC change LDAP error

When trying to sync the AD, the log says:

EPOLDAP     Bind failed, error = Invalid Credentials (49) user "domain\username", server "Servername", port 389.

Also fails on port 636 (SSL).

Re: EPO 4.5 DC change LDAP error

Do you use special characters in your password? I've had a problem in ePO with a password that contained the ampersand character ("&").

jawsdk
Level 7
Message 8 of 8

Re: EPO 4.5 DC change LDAP error

No special characters. I suspect this might be a security GPO setting that prevents this sync.