4 Replies Latest reply on Sep 15, 2015 1:14 AM by lnurmi

    Active Directory Connection Issue?




      I have this problem when checking AD connectivity:         


      Actually, i successful retrieve all user in AD, but it too slow to display in the User tree @@.


      Does anyone have any idea about this issue?


      Thanks and Regards!

        • 1. Re: Active Directory Connection Issue?



          I would check the management server traces from installation directory/tmp/, and perhaps packet captures to see what goes wrong and at what end. If issue persists I recommend opening an SR for a full investigation.

          • 2. Re: Active Directory Connection Issue?


            I found some logs, but not sure what's the issues is:

            E!com.stonesoft.h2a.mgtserver.ldap.accessor WARN [2015-09-08 11:18:30,792] [RMI TCP Connection(20)-] [am.f UW:1:2:Admin:en TX] {{DB,CLIENT}}

            M!Ignore reference on subsequent LDAP servers: Unprocessed Continuation Reference(s) while browsing dc=xx,dc=com



            E!com.stonesoft.util.rmi.exception INFO [2015-09-08 11:18:47,339] [RMI TCP Connection(8)-] [] {}

            M!public abstract od com.stonesoft.h2a.mgtserver.persistency.am.f(od)

            com.stonesoft.util.a.d: LDAP user domain xx.com is not reachable.

              at com.stonesoft.h2a.mgtserver.ldap.ai.a(ai.java:82)

              at com.stonesoft.h2a.mgtserver.ldap.ai.i(ai.java:59)

              at com.stonesoft.auth.h.k.restore(k.java:40)

              at com.stonesoft.h2a.mgtserver.persistency.u.f(u.java:86)

              at sun.reflect.GeneratedMethodAccessor132.invoke(Unknown Source)

              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:43)

              at java.lang.reflect.Method.invoke(Method.java:483)

              at com.stonesoft.util.f.g.a(g.java:7)

              at com.stonesoft.util.f.h.a(h.java:36)



            Thanks and Regards!

            • 3. Re: Active Directory Connection Issue?



              With quick google search the first warning looks to be related to LDAP referrals:

              http://stackoverflow.com/questions/12222869/need-elaboration-on-unprocessed-cont inuation-reference


              The second message tells that LDAP domain is not reachable. Could it be that AD gives referral for this domain on different AD server, and management server don't have LDAP connectivity to that AD server?




              • 4. Re: Active Directory Connection Issue?

                I'd check what Tero mentioned. But also check that the base DN in your AD server element matches to what is found in the AD. Maybe there's a typo and you get referral error because of that. I've also seen that it can be case-sensitive, so check that the base DN in SMC and the DN in AD match case-wise too.


                - Lauri