Ask the Community
Groups
EMM: How to Troubleshoot Active Directory Integration Failures? - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>Problem: </strong>On-boarding Customers in EMM fails due to Active Directory Integration Issue.</p> <p>Kaseya Directory Integration Service log available at <strong>C:\Kaseya\Logs\Services\directory-webservice.log</strong> of Kaseya Server will have an entry like shown below:</p> <p><em>ERROR [2015-02-24 03:21:06,647] com.kaseya.directory.core.exceptions.LdapBindFailureException: Bind failed to the LDAP server.</em><br><em>! java.io.IOException: <strong>An error occurred while attempting to establish a connection to server /10.20.52.156:389</strong>: java.net.ConnectException: Connection timed out: connect</em><br><em>! at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:158) ~[kaseya-directory-integration.jar:na]</em><br><em>! at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:859) ~[kaseya-directory-integration.jar:na]</em><br><em>! ... 61 common frames omitted</em></p> <p> </p> <p><strong>Cause:</strong> Enterprise Mobility Management requires the Active Directory server be open to an inbound read-only connection (secure LDAP port recommended) from a single whitelisted IP address. The AD is never open to the entire internet.</p> <p> </p> <p><strong>Resolution:</strong></p> <p><strong>1.</strong> Please make sure the basic requirements have been checked:</p> <ul><li><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fhelp.kaseya.com%2FWebHelp%2FEN%2FMobility%2F9040000%2Findex.asp%2330974.htm" rel="noopener nofollow">https://help.kaseya.com/WebHelp/EN/Mobility/9040000/index.asp#30974.htm</a></li> <li><a rel="nofollow" href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/entries/88507087-EMM-Basic-Requirements">https://kaseya.zendesk.com/entries/88507087-EMM-Basic-Requirements</a></li> </ul><p>Ensure that the configuration on the Active Directory has been sorted out as per our help file:</p> <ul><li><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fhelp.kaseya.com%2FWebHelp%2FEN%2FMobility%2F9040000%2Findex.asp%2330885.htm">http://help.kaseya.com/WebHelp/EN/Mobility/9040000/index.asp#30885.htm</a></li> </ul><p><strong>Note:</strong> You need to create three active directory security groups. You will also add your AD users to these groups.</p> <p><strong>2.</strong> If you are reading this article, most likely you have configured everything as per this above help file. Please do note all the necessary information. This information is required to connect to any instance of Active Directory you intend to associate with an organization within Enterprise Mobility Management.</p> <ul><li>The domain name or IP address of the Active Directory server.</li> <li>The LDAP port used by Active Directory.</li> <li>The default LDAP port is 389. </li> <li>The base DN (distinguished name) to search for: Example: <strong>OU=Kaseya EMM Groups, DC=company, DC=com</strong> </li> <li>The credential to use to authenticate read access to this distinguished name. A dedicated credential is recommended.</li> </ul><p><strong>3.</strong> You have used these above details but the connection still does not work and shows below error:</p> <p><img src="/attachments/token/2KY3QKxJAspZ6H53eWHywiGnt/?name=000431.jpg" alt="000431.jpg" class="embedImage-img importedEmbed-img"></img></p> <p> </p> <p><strong>Here are the steps you need to take:</strong></p> <p><strong>Step 1:</strong> Please log into your Kaseya Server, open command prompt and run <strong>ldp.exe</strong>.</p> <p>To install LDP.EXE on Windows Server 2008, open the Server Manager, and under Roles, install Active Directory Lightweight Directory Services. Please check <a href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Ftechnet.microsoft.com%2F" rel="noopener nofollow">Microsoft technet</a> for more details. </p> <p>It is recommended to do this test using Apache Directory Studio as well:</p> <ul><li><a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/entries/90977547-EMM-How-to-troubleshoot-AD-integration-issue-in-Mobility-using-Apache-Directory-Studio-%C2%A0" rel="noopener nofollow">https://helpdesk.kaseya.com/entries/90977547-EMM-How-to-troubleshoot-AD-integration-issue-in-Mobility-using-Apache-Directory-Studio- </a></li> </ul><p><img src="/attachments/token/g6vCSVXNyejIFQDe1Megva6Pn/?name=000432.jpg" alt="000432.jpg" class="embedImage-img importedEmbed-img"></img></p> <p><strong>Step 2:</strong> Please choose <strong>Connection > Connect</strong> and provide the details to your AD server. If the connection does not work then there is a connection issue that you will need to troubleshoot:</p> <p><img src="/attachments/token/SYEBkieZz9UT3mw8fSar0j3wh/?name=000434.jpg" alt="000434.jpg" class="embedImage-img importedEmbed-img"></img></p> <p><strong>Step 3:</strong> Once connected, please choose to bind (<strong>Ctrl+B</strong>) or <strong>Connection > Bind</strong>. Please use the AD credential you noted in point b. This binding should work and authenticate. If it does not then please verify the credential and user details on AD side:</p> <p><img src="/attachments/token/CPDxShmpkKfKgGZr67buSMeKL/?name=000435.jpg" alt="000435.jpg" class="embedImage-img importedEmbed-img"></img></p> <p><img src="/attachments/token/BPkTx8L0pmtv77ZJXJHAPw7YW/?name=000436.jpg" alt="000436.jpg" class="embedImage-img importedEmbed-img"></img></p> <p><img src="/attachments/token/BrYxDPqvCCo4PabCRyMKZzZhv/?name=000437.jpg" alt="000437.jpg" class="embedImage-img importedEmbed-img"></img></p> <p><strong>Step 4: </strong>Once connected and authenticated, please search the directory by choosing search option from: <strong>Browse > Search</strong> or <strong>Ctrl+S </strong>alternatively.</p> <p>Please search for the distinguished name noted in point b:</p> <p><strong>OU=Kaseya EMM Groups,DC=company,DC=com</strong></p> <p>I.e., As shown below in screenshot, your result should show the three security groups created. If this gives you error, the base DN you are specifying is incorrect, please check your AD to verify the distinguished name:</p> <p><img src="/attachments/token/mD59I4YDpk9qVzUO20gOl5pJd/?name=000439.jpg" alt="000439.jpg" class="embedImage-img importedEmbed-img"></img></p> <p><strong>Step 5:</strong> If this all passes, then the details you have should work with AD integration in EMM.</p> <p>If this does not fix the issue, please create a ticket with Kaseya Support via <a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/hc/en-gb/requests/new" rel="noopener nofollow">this link</a>. Please add screenshots showing result of each above test, Kaseya Support can then verify if the issue is on the server side or not, as well as logs: <strong>C:\Kaseya\Logs\Services\directory-webservice.log</strong></p> <p> </p> <p><strong>Reference:</strong> <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fwww.lsoft.com%2Fnews%2FtechtipLSV-issue2-2014.asp">http://www.lsoft.com/news/techtipLSV-issue2-2014.asp</a></p> <p> </p> <p> </p> <p><strong>Applies to: </strong>VSA 9.0, 9.1, 9.2, 9.3, 9.4.</p> </article> </main>