Active Directory sync errors after upgrading to 11.0.5002.333
I just completed upgrading my SEPM 11.0.4016 version to 11.0.5002.333. Everything seemed to work just fine, clients checking-in, etc. However, I noticed that I'm now getting LDAP error messages in the ADMIN\Servers area of the console.
The error states the following, with my actual server name replaced with "myserver1234":
"February 16, 2010 3:38:11 PM CST: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ] [Site: My Site] [Server: myserver1234]"
I verified that the settings were still accurate in the Directory Servers tab and that the domain account being used is still valid.
I then went into the CLIENTS area and right-clicked an upper branch of Active Directory and selected Sync Now. When I went back to the Admin\Servers area, there is now a new message that follows:
"February 16, 2010 3:51:39 PM CST: 2/16/10 3:51 PM Organization importing failed (unknown error) [Site: My Site] [Server: myserver1234]"
I've done a search for the specific LDAP error on the Symantec KB and this forum but have not had any luck.
Can anyone please direct me where to go from here?
Thanks in advance,
Scott
Comments
Check
tick to enable the secure connection on the LDAP connection dialog
Check this
https://www-secure.symantec.com/connect/forums/protection-manager-failed-connect-ad-server
http://technet.microsoft.com/en-us/library/cc778124(WS.10).aspx
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Both the Domain Controller and Local Machine are set to 'Require Signing' as required so this should not be an issue. However, I just now noticed that the checkbox for "Use Secure Connection" was cleared out after the reinstall. After checking this box and clicking ok, I didn't get an error message as before in the ADMINS\SERVERS area. But, when going into the CLIENTS area and attempting a SYNC NOW I do get the same message as before.
However, within the CLIENTS area, when I click IMPORT ORGANIZATIONAL UNIT OR CONTAINER, it DOES allow me to read Active Directory once again. What would happen if I just delete the top-level OU out of the CLIENT console and just re-import it? Will it blow away the links between the OUs and the policies?
Thanks in advance...
Title: 'Error: "Organization importing failed (unknown error)" when attempting to add a Directory Server in the Symantec Endpoint Protection Manager'
Document ID: 2008082507554648
Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008082507554648?Open&seg=ent
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
No, it won't. In fact, nothing will happen if you haven't assigned any special policies to them. If you have, then you will have to create and assign the special policies back again.
So you can delete and re-import without any issues.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Deleted And Re-Imported
Ok...I deleted the original OU tree and just reimported it. I suppose it will be several hours before the hundred or so clients check-in and I know that everything is good to go. I will update accordingly.
Thanks very much!
Success
Thanks for the assistance. All clients have been upgraded as well and are checking-in normally.
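For triaging this error in exported server logs, the following is an added example and not part of the original thread: it parses the LDAP error string quoted in the first post and flags bind rejections caused by the domain controller requiring LDAP signing. The function names and the second sample line are constructed for illustration, and the field layout is assumed from the one error string shown in the thread.

```python
import re

# Field layout assumed from the error string quoted in this thread.
LINE_RE = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"\w+: DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), \w+\s*\]"
    r"(?:.*?\[Server: (?P<server>[^\]]+)\])?"
)
# LDAP result code 8 is strongerAuthRequired (RFC 4511); Win32 error 0x2028 is
# ERROR_DS_STRONG_AUTH_REQUIRED, returned when the DC requires LDAP signing.
RESULT_NAMES = {8: "strongerAuthRequired", 49: "invalidCredentials"}
STRONG_AUTH_WIN32 = 0x2028

def parse_ldap_error(line):
    """Return the parsed fields of an AD LDAP error line, or None if absent."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code, win32 = int(m["code"]), int(m["win32"], 16)
    return {
        "result_code": code,
        "result_name": RESULT_NAMES.get(code, "unknown"),
        "win32": win32,
        "dsid": m["dsid"].upper(),
        "server": m["server"],  # None when the line has no [Server: ...] tag
        "signing_required": code == 8 and win32 == STRONG_AUTH_WIN32,
    }

def triage(lines):
    """List (server, advice) for every signing-required bind rejection."""
    advice = "enable 'Use Secure Connection' for this directory server"
    parsed = (parse_ldap_error(line) for line in lines)
    return [(p["server"], advice) for p in parsed if p and p["signing_required"]]

# Lines 1 and 3 are quoted from the thread; line 2 is constructed sample data.
SAMPLE_LINES = [
    r"February 16, 2010 3:38:11 PM CST: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C09018A, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece ] [Site: My Site] [Server: myserver1234]",
    r"[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 52e, v0000 ]",
    r"February 16, 2010 3:51:39 PM CST: 2/16/10 3:51 PM Organization importing failed (unknown error) [Site: My Site] [Server: myserver1234]",
]

if __name__ == "__main__":
    for server, advice in triage(SAMPLE_LINES):
        print(f"{server}: {advice}")
```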