EMM AD Integration Fails With Error: 'Invalid bind credentials received'. - Connect IT Community | Kaseya
<main> <article class="userContent">
<p><strong><u>Problem:</u></strong> EMM AD integration fails and you have already verified the instructions <a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/entries/104730073-Enterprise-Mobility-Management-How-to-troubleshoot-Active-Directory-Integration-Fail-" rel="noopener nofollow">here</a>.</p>
<ul><li>C:\Kaseya\Logs\Services\directory-webservice.log has the following entry:</li> </ul>
<p><em>ERROR [2015-03-09 22:56:52,649] com.kaseya.directory.web.exception.mapper.InvalidCredentialsExceptionMapper: Received invalid credentials</em><br><em>! com.unboundid.ldap.sdk.LDAPException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, <strong>data 52e</strong>, v1db1 </em><br><em>! at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2178) ~[kaseya-directory-integration.jar:na]</em><br><em>! at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:2095) ~[kaseya-directory-integration.jar:na]</em><br><em>! at com.kaseya.directory.core.connection.ConnectionTarget.&lt;init&gt;(ConnectionTarget.java:62) ~[kaseya-directory-integration.jar:na]</em><br><em>! ... 55 common frames omitted</em><br><em>! Causing: com.kaseya.directory.core.exceptions.InvalidCredentialsException: Invalid bind credentials received.</em></p>
<p><strong>Cause:</strong> The login you are using in Kaseya's Mobility has an unsupported LDAP user format, i.e. domain/username or just username (without the domain part), or the domain part you have specified is not being accepted. Notice the <strong>"data 52e"</strong> part in the error message: it means this is a credential issue, so the error could also mean that the credential you have provided is incorrect.</p>
<p><strong>Solution:</strong></p>
<p>1. Make sure you are using the correct format for the domain part. 
You can do a simple test in <a rel="nofollow" href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/entries/104730073-Enterprise-Mobility-Management-How-to-troubleshoot-Active-Directory-Integration-Fail-">ldp.exe</a>: bind using your format and check what format <strong>ldp.exe</strong> changes it to. The resulting format is the one you will need to use.</p>
<p>For example, in the screenshot below, two connection attempts were made with the bind credentials ktest.local\xxx and ktest-ad.ktest.local\xxx. Although both are correct, that does not necessarily mean LDAP will accept those formats. <strong>ldp.exe</strong> therefore changes the credential automatically to the appropriate format, in this case KTEST\Administrator. This is the format and domain part you will need to use in Kaseya EMM:</p>
<p><img src="/attachments/token/yK4ODGjNE4DfxWHsv5R7tV0m5/?name=000562.jpg" alt="000562.jpg" width="637" height="259" class="embedImage-img importedEmbed-img"></img></p>
<p>2. 
You can also test with the Apache Directory Studio test: <a href="https://kaseya.zendesk.com/entries/90977547">https://kaseya.zendesk.com/entries/90977547</a></p>
<p>If your format or your credential is incorrect, you will receive an error message like this: <strong>"[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"</strong></p>
<p>To find out what is wrong, however, you will need to use <strong>ldp.exe</strong>.</p>
<p><img src="/attachments/token/Xo90jC7QIo7kCNLrHWEaLXFCV/?name=000559.jpg" alt="000559.jpg" width="478" height="425" class="embedImage-img importedEmbed-img"></img></p>
<p>Here are some more error codes you may see in the "data xxx" part:</p>
<p><strong>525: user not found</strong><br><strong>52e: invalid credentials</strong><br><strong>530: not permitted to logon at this time</strong><br><strong>531: not permitted to logon at this workstation</strong><br><strong>532: password expired (remember to check the user set in osuser.xml also)</strong><br><strong>533: account disabled</strong><br><strong>534: the user has not been granted the requested logon type at this machine</strong><br><strong>701: account expired</strong><br><strong>773: user must reset password</strong><br><strong>775: user account locked</strong></p>
<p><strong>Applies to:</strong> VSA 9.0 - 9.4.</p>
</article> </main>
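<p>The "data xxx" sub-code is what separates a wrong password from a locked, disabled or expired account, so it is worth pulling out of the log rather than reading stack traces by eye. The following is an added example, not Kaseya's code: the function names <code>parse_bind_failures</code> and <code>summarize</code> are hypothetical, and the sample log lines are constructed in the format of the excerpt above.</p>

```python
import re
from collections import Counter

# Sub-codes as listed in the article's "data xxx" table.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "534": "user has not been granted the requested logon type at this machine",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}
# Hex sub-code that follows "AcceptSecurityContext error, data".
BIND_ERR = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)\b")
# Header line format from the article's excerpt: "ERROR [2015-03-09 22:56:52,649] ..."
HEADER = re.compile(r"^[A-Z]+\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\]")

def parse_bind_failures(lines):
    """Return (timestamp, sub-code, meaning) for every AD bind failure found."""
    results, last_ts = [], None
    for line in lines:
        header = HEADER.match(line)
        if header:
            # The sub-code sits on a later "!" line; keep the latest header timestamp.
            last_ts = header.group(1)
        m = BIND_ERR.search(line)
        if m:
            code = m.group(1).lower()
            results.append((last_ts, code, AD_BIND_SUBCODES.get(code, "unknown sub-code")))
    return results

def summarize(lines):
    """Count bind failures per sub-code (hypothetical helper)."""
    return Counter(code for _, code, _ in parse_bind_failures(lines))

# Constructed sample input in the format of the article's log excerpt.
_HDR = "com.kaseya.directory.web.exception.mapper.InvalidCredentialsExceptionMapper: Received invalid credentials"
_ERR = "! com.unboundid.ldap.sdk.LDAPException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data %s, v1db1"
SAMPLE_LOG = [
    "ERROR [2015-03-09 22:56:52,649] " + _HDR, _ERR % "52e",
    "ERROR [2015-03-09 22:57:10,112] " + _HDR, _ERR % "52e",
    "ERROR [2015-03-09 23:01:44,030] " + _HDR, _ERR % "775",
]

if __name__ == "__main__":
    print(*parse_bind_failures(SAMPLE_LOG), sep="\n")
```

<p>To use it on a server, pass the lines of C:\Kaseya\Logs\Services\directory-webservice.log (the path given above) to <code>parse_bind_failures</code>. A line without a preceding header, such as the Apache Directory Studio message, is still decoded and gets a timestamp of <code>None</code>.</p>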