2 Replies Latest reply on Jan 10, 2012 6:36 AM by gifkoek

    User account permissions for adding an auth server to EMM hub?

      Hallo folks,

       

      I've set up an EMM 9.7 demo installation in dual mode, i.e. separate EMMproxy and EMMhub (running on Windows 2008 R2, proxy is standalone, hub is on a domain). I have an issue with configuring an AD server for the hub to use. The EMM event log shows the following two entries (domain and username sanitised):

      ------------------------------------------------

      EMM.Hub.ConsoleGateway

      Error while Testing for LDAPConnectionEMM.Domain.EMMException: LDAPConnection Error - Username: DOMAIN\USERNAME ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.

       

         at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

         at System.DirectoryServices.DirectoryEntry.Bind()

         at System.DirectoryServices.DirectoryEntry.get_Name()

         at EMM.Security.DirectoryServer.TestLDAPConnection(String Username, String Password, String DomainName, String DirServerLocation, String DirServerPath)

         --- End of inner exception stack trace ---

         at EMM.Security.DirectoryServer.TestLDAPConnection(String Username, String Password, String DomainName, String DirServerLocation, String DirServerPath)

         at EMM.Hub.ConsoleGateway.TestLDAPConnection(AuthServer authServer)

      ------------------------------------------------

      EMM.Domain.EMMException

      LDAPConnection Error - Username: DOMAIN\USERNAMEEMM.Domain.EMMException: LDAPConnection Error - Username: DOMAIN\USERNAME ---> System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server.

       

         at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

         at System.DirectoryServices.DirectoryEntry.Bind()

         at System.DirectoryServices.DirectoryEntry.get_Name()

         at EMM.Security.DirectoryServer.TestLDAPConnection(String Username, String Password, String DomainName, String DirServerLocation, String DirServerPath)

         --- End of inner exception stack trace ---

      ------------------------------------------------

       

      I have configured the hub to use a test AD server which is located on the same network, using a domain admin account - this seems to work perfectly. However, for production I need to use an AD server that is on a different network, behind a firewall. Connecting to this AD produces the above errors. Note that the EMMhub is located in a different domain from the AD that it tries to connect to.

       

      So my production setup will have the EMMproxy, EMMhub and AD on three different firewall segments. I have confirmed connectivity between the hub and AD using windump - there are clearly packets flowing on port 389 (LDAP).

       

      We have also tried the auth server configuration with a domain admin user, but this produces the same error.

       

      Unfortunately the logs don't provide any more detail, and the documentation is equally brief on what is required for the configuration.

       

      Does anyone have some more information on the specific requirements for the account required for the auth server setup, or have input on this error?

       

      regards

      corne