0 Replies Latest reply on Aug 3, 2012 11:18 AM by Rtasselmyer77

    Unable to Synchronize with AD

      I have an ePO server running 4.6.2 that was just moved to a new server. I followed the steps outlined here https://kc.mcafee.com/corporate/index?page=content&id=KB51438 and made backups of all of the files, renamed the server and kept the same IP. It seems that I missed something, as I can no longer synchronize my System Tree with AD. Previously I had the synchronization pointing directly at one of our domain controller servers and replication was perfect. After the move this no longer worked. I tried to re-create this setup but was unable to connect to the AD tree to select a container that would be synchronized. To resolve that issue I set up an LDAP server to the same domain controller, which tests fine, and used the LDAP setting for the synchronization. Using the LDAP server I was then able to select a container and finish the replication setup. Upon running this task, a failure message appears in the server task log instantly. The reason that is reported for the failure is below:

       

      "Synchronization point "XXXXX" failed to connect to the active directory server XXXDC03, user: null\null"  The user null\null is what ePO is reporting.

       

      In the EpoApSvr.log this gets reported.

       

      20120803120604    E    #02856    NAISIGN     Failed to decrypt data.  Error=-2146893819

      20120803120604    E    #02856    NAISIGN     Failed to decrypt data.  Error=Bad Data (-2146893819)

      20120803120604    E    #02856    EPOJNI      Failed to decrypt using the certificate.

      20120803120604    E    #02856    EPOJNI      Failed to decrypt the agent handler key.

      20120803120604    E    #02856    EPOJNI      Failed to get the Primary Agent Handler Key.

      20120803120604    E    #02856    NAISIGN     Failed to decrypt buffer due to invalid parameters.

      20120803120604    E    #02856    EPOLDAP     Failed to decode and decrypt the LDAP server password

      20120803120604    I    #02856    EPOLDAP     Connected to Server 'XX.XX.XX.XX' resolved from 'XX.XX.XX.XX'

      20120803120604    E    #02856    EPOLDAP     Bind failed, error = Invalid Credentials (49), user XXXX\adminXXX, server XX.XX.XX.XX, port 3268

       

      This points me to the certs but I moved all of these from the original server as per the ePO server move document in KB51438.

       

      Any thoughts?

       

      Robert
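
One way to triage the log chain quoted in the post, as an added example that is not part of the original post and is not McAfee code: it groups EpoApSvr.log lines by thread, reports whether each LDAP bind failure was preceded by decrypt errors on the same thread, and renders the signed error number as unsigned hex. The line layout is inferred from the quoted lines, and the function names are hypothetical.

```python
import re

# Constructed sample: the EpoApSvr.log lines quoted in the post, redactions kept.
SAMPLE_LOG = r"""
20120803120604    E    #02856    NAISIGN     Failed to decrypt data.  Error=-2146893819
20120803120604    E    #02856    NAISIGN     Failed to decrypt data.  Error=Bad Data (-2146893819)
20120803120604    E    #02856    EPOJNI      Failed to decrypt using the certificate.
20120803120604    E    #02856    EPOJNI      Failed to decrypt the agent handler key.
20120803120604    E    #02856    EPOJNI      Failed to get the Primary Agent Handler Key.
20120803120604    E    #02856    NAISIGN     Failed to decrypt buffer due to invalid parameters.
20120803120604    E    #02856    EPOLDAP     Failed to decode and decrypt the LDAP server password
20120803120604    I    #02856    EPOLDAP     Connected to Server 'XX.XX.XX.XX' resolved from 'XX.XX.XX.XX'
20120803120604    E    #02856    EPOLDAP     Bind failed, error = Invalid Credentials (49), user XXXX\adminXXX, server XX.XX.XX.XX, port 3268
"""

# timestamp, level, #thread, module, message (layout assumed from the lines above)
LINE_RE = re.compile(r"^\s*(\d{14})\s+([A-Z])\s+#(\d+)\s+(\S+)\s+(.*\S)\s*$")
BIND_RE = re.compile(r"Bind failed, error = (.+?) \((\d+)\)")
ERRNUM_RE = re.compile(r"Error=\D*?(-?\d+)")

def to_hresult(value):
    """Render a signed 32-bit error as unsigned hex (NTE_BAD_DATA is 0x80090005)."""
    return "0x%08X" % (value & 0xFFFFFFFF)

def triage_bind_failures(log_text):
    """One finding per LDAP bind failure, with the decrypt errors the same
    thread logged before it (counted since that thread's previous bind)."""
    pending = {}   # thread id -> {"count": int, "hresults": set}
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, level, thread, module, msg = m.groups()
        state = pending.setdefault(thread, {"count": 0, "hresults": set()})
        bind = BIND_RE.search(msg)
        if level == "E" and "decrypt" in msg.lower():
            state["count"] += 1
            num = ERRNUM_RE.search(msg)
            if num:
                state["hresults"].add(to_hresult(int(num.group(1))))
        elif module == "EPOLDAP" and bind:
            findings.append({"time": ts, "thread": thread,
                             "ldap_error": bind.group(1), "ldap_code": int(bind.group(2)),
                             "decrypt_errors": state["count"],
                             "hresults": sorted(state["hresults"])})
            pending[thread] = {"count": 0, "hresults": set()}
    return findings
```

A finding with a non-zero `decrypt_errors` count separates a bind that failed after the stored password could not be decrypted from one where no decrypt error was logged first.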