Re: LDAP Lookup failure



When I think of a router I look at it as both a router/firewall. I should
have elaborated. If you are on the box and the app is failing and you can't
bind but LDP can, then that should clear LDAP for you, since it is using
LDAP to bind to the server.

When it fails can you also do a forward and reverse lookup of the host name
via nslookup?


Also, try running netdiag, repadmin and dcdiag. Look for fail, error and
warning errors.

If you don't have the tools installed load them from your install disk.

d:\i386\adminpak.msi (Server tools for remote management of servers)
d:\support\tools\setup.exe (Server Utilities)

Copy the following to a cmd file and run it. Look for error, fail and warn
within the reports. Post any errors you can't figure out. Make sure you
modify DC_Name to the name of a DC in your domain.

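@echo off
rem Run the Support Tools diagnostics and open each report.

c:
cd \
cd "program files\support tools"

rem Comprehensive, verbose dcdiag across the enterprise, run via DC_Name.
if exist c:\dcdiag.log del c:\dcdiag.log
dcdiag /e /c /v /s:DC_Name /f:c:\dcdiag.log
start c:\dcdiag.log

rem Network configuration and connectivity tests on this machine.
netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

rem Replication status for the DCs whose names match dc*.
repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt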

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23%2385iNViFHA.1044@xxxxxxxxxxxxxxxxxxxxxxx
> The iGate authentication process is also using 389. It is purely checking
> the AD for user auth, and does no modifications.
>
> I have twice reconfigured from scratch the appliance, and it works for a
> short time (1-2 days), then for some still unknown reason it fails to bind
> to the LDAP directory. I have had an iGate engineer check on the box, and
> has performed several tests, but everything so far points to a problem
> being able to bind to the LDAP service.
>
> I know it is not a route error, as I can ping the server without issue.
>
> thanks for your continued help.
>
> Mark
>
>
>
> "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
> news:%23GryQBViFHA.1148@xxxxxxxxxxxxxxxxxxxxxxx
>> Does this bind solely on 389 or does it use ssl (636) as well? If you
>> are doing any password mods it has to use 636.
>>
>> Also I would wait until you got a failure before running LDP unless it is
>> a continuous error. But from what I read it is only during certain
>> times. Which kind of strikes as a route error type issue
>>
>> --
>>
>>
>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> "Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:ewVvr7UiFHA.2472@xxxxxxxxxxxxxxxxxxxxxxx
>>> I have loaded up the ldp.exe, and this can successfully connect to the AD,
>>> and I can perform lookups and I can bind with the username used on the
>>> iGate appliance.
>>>
>>> tbh I would have preferred it if it didn't so I could have got some error
>>> output and find a cause for the continued failure!
>>>
>>> thanks
>>>
>>> "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
>>> news:OpdfVgUiFHA.3436@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Load LDP.exe from the Microsoft support tools and try to bind from the
>>>> failed server. This may help you narrow down the error. Try both the
>>>> ip address and the host name
>>>>
>>>> Install disk
>>>>
>>>> Support tools
>>>> d:\support\tools\setup.exe
>>>>
>>>> Administrative tools
>>>> d:\i386\adminpak.msi
>>>>
>>>> --
>>>>
>>>>
>>>> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>>>>
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>>
>>>> "Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:e%23Qv89TiFHA.3336@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> It is an iGate SSL VPN appliance, which needs to retrieve auth data
>>>>> from the AD, to allow external users access through the VPN tunnel.
>>>>>
>>>>> Error log extract:
>>>>>
>>>>> [Fri Jul 8 17:08:34 2005] LDAP_INFO: Perform simple authentication
>>>>> for mark@server
>>>>> [Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap_simple_bind_s: Can't
>>>>> contact LDAP server
>>>>> [Fri Jul 8 17:08:34 2005] LDAP_ERROR: ldap bind error
>>>>>
>>>>> ## end ##
>>>>>
>>>>> "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
>>>>> news:O%236qC2TiFHA.1232@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Mark, what's the application?
>>>>>> A lot of times, if you turn up the audit logging for failed logon
>>>>>> attempts, it's really helpful in determining what credentials are
>>>>>> being passed to the server by the application. You can often narrow
>>>>>> it down pretty quickly that way.
>>>>>>
>>>>>> Al
>>>>>>
>>>>>>
>>>>>> "Mark" <nospam@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>> news:%23QBBcMSiFHA.1412@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am not hugely experienced in AD matters, and have had some trouble
>>>>>>> with an application that needs to authenticate against my AD on
>>>>>>> SBS2003.
>>>>>>>
>>>>>>> On the software I am getting communication and bind errors, when
>>>>>>> doing the lookup. It is a very strange situation, as it works for a
>>>>>>> while, and then with no changes will stop and give the communication
>>>>>>> and bind errors.
>>>>>>>
>>>>>>> I have also tried using the LDAP browser application, and cannot get
>>>>>>> this to work.
>>>>>>>
>>>>>>> The following settings were used:
>>>>>>>
>>>>>>> Host: server.domain.local
>>>>>>> Port 389
>>>>>>> Version 3
>>>>>>>
>>>>>>> (I can fetch DN's successfully)
>>>>>>>
>>>>>>> Turned off anonymous bind (should this work with anon?)
>>>>>>>
>>>>>>> User DN: cn=%username%
>>>>>>> Password: %correct password for user%
>>>>>>>
>>>>>>> Thanks for any help advice you can give.
>>>>>>>
>>>>>>> Mark
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
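
Added example, not part of the original post and not a Microsoft tool: a Python script that does the "look for error, fail and warn" pass over the three reports written by the batch file above. The sample text is constructed for illustration, and the name scan_report is hypothetical.

```python
import re
import sys
from collections import defaultdict

# dcdiag ends every test with a verdict line such as
# "......................... DC1 failed test Replications".
VERDICT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)", re.I)
# The three words the post says to look for ("warn" also covers "warning").
KEYWORD = re.compile(r"\b(fail|error|warn)\w*", re.I)

# Constructed sample mixing dcdiag, netdiag and repadmin style lines.
SAMPLE = """\
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
         ......................... DC1 failed test Replications
    DNS test . . . . . . . . . . . . . : Failed
    Last attempt @ 2005-07-08 17:00:12 was successful.
"""

def scan_report(text):
    """Return (failed_tests, hits) for one report.

    failed_tests maps a DC or domain name to the dcdiag tests it failed.
    hits lists (line number, line) for every other line with a keyword.
    """
    failed = defaultdict(list)
    hits = []
    for num, line in enumerate(text.splitlines(), 1):
        verdict = VERDICT.search(line)
        if verdict:
            if verdict.group(2).lower() == "failed":
                failed[verdict.group(1)].append(verdict.group(3))
            continue  # verdict lines are summarised, not listed again
        if KEYWORD.search(line):
            hits.append((num, line.strip()))
    return dict(failed), hits

if __name__ == "__main__":
    # Usage: pass the report paths as arguments; with none, SAMPLE is scanned.
    texts = [open(p, errors="replace").read() for p in sys.argv[1:]] or [SAMPLE]
    for text in texts:
        failed, hits = scan_report(text)
        for target, tests in failed.items():
            print(f"FAILED {target}: {', '.join(tests)}")
        for num, line in hits:
            print(f"{num:6d}: {line}")
```

The keyword pass is deliberately broad, so lines that merely mention a word (for example a count of zero errors) are listed too and still need reading in context.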

