File Share Encryption


Symantec Encryption Management Server - LDAP Test Failed

  • 1.  Symantec Encryption Management Server - LDAP Test Failed

    Posted Sep 17, 2015 06:13 PM

    Hi,

    Hopefully someone can help me with this issue.

    I'm creating a new PGP 3.3 server and I'm having problems making an LDAP connection to my domain.

    I've created a service account (Bind DN = CN=svr_pgp,DC=mydomain,DC=co,DC=uk) and entered these details into the "edit ldap directory" menu under consumers>directory synchronization>Edit ldap directory.

    LDAP Servers have been defined. 2 DCs have been added with hostname and IPs. These DCs are Windows 2008r2 Servers.

    The Test Connection fails to work - LDAP Test Failed. The host did not accept your authentication credentials.

    The service account has been tested with a different password, it's enabled and not locked. The service account has been moved into a different OU and the new Bind DN has been tested. I've also tried with my admin account. It fails every time.

    If I enter the LDAP credentials without a passphrase the Test connections are successful ????

    I'm really confused at this point. I know the LDAP credentials without a passphrase are not working because there are no records displayed when you click on "view sample records.."

    thanks,

    This is an old post but I have the same issue and the old post was never resolved.



  • 2.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Sep 17, 2015 06:32 PM

    If there is no passphrase (or no username and password) entered, it will simply ping the server to see if it is available.  If you click on "View Sample Records..." in the bottom left, nothing will be displayed.

    Try using the shorthand method for the credentials.  That would simply be the username and domain in email-style format.  In this case svr_pgp@mydomain.co.uk.

    In your post you also mentioned you used "CN=svr_pgp,DC=mydomain,DC=co,DC=uk".  Is that where the user is located?  Typically there is a folder in place as well, such as "CN=svr_pgp,CN=Users,DC=mydomain,DC=co,DC=uk".

    Let me know if either of those help.  Also, you should always test an account for the Bind DN by using View Sample Records in addition to Test Connection.  If it pulls any data at all, it is successful.



  • 3.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Sep 17, 2015 07:15 PM
    Thanks Mike, this is only an example. I'll try with the user in the format user@mail.com; after that I will comment on what happened.


  • 4.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Sep 18, 2015 12:57 PM

    Okay first off ---full Distinguished name ----

    CN=NAME_XXXX,OU=XX,OU=XXXX,OU=XXXXXXXXXXX,DC=XXX,DC=local

     

    Also you have to specify the BASE DNs to search ---------- if you do not do this or use the default

     

    DC=XXXX,DC=LOCAL

    it will run too Deep it will STOP searching and Fail -----

     

    SO Under the area for your LDAP Directories ----- Set your BASE DNs --- to search as close to where it can find your users the fastest ------

    Do this as many times as needed to isolate your users that will be encrypted via LDAP enrollment as possible

    OU=XXXXXXXXXXX,DC=XXX,DC=local

     

    DO the very last one as DC=XXXX,DC=LOCAL as a catch all

     

    Also ensure that your User for the LDAP lookups is a service account with the adequate permissions to read off the LDAP servers -----

    Also ---- make sure you are using the correct protocol for your LDAP servers ------ as Most Microsoft servers were switched from 389 Unsecure to 636 or LDAPs  ---- by default 2012 DCs do not allow for Unsecure LDAP.
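
Added example, not part of the original posts and not Symantec code: a Python pre-flight check for the settings discussed in replies 2 and 4 above (bind identity format, a Bind DN with no container, an empty passphrase, and the port/TLS pairing). The function names and finding codes are hypothetical; the test values are the placeholders used in the thread.

```python
import re

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays in the value."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if ch == "," and not esc:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
            esc = ch == "\\" and not esc
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def classify_bind_id(bind_id):
    """'upn' for user@domain, 'dn' for a parseable distinguished name, else 'unknown'."""
    if re.fullmatch(r"[^@=,]+@[^@=,\s]+\.[^@=,\s]+", bind_id):
        return "upn"
    try:
        split_dn(bind_id)
        return "dn"
    except ValueError:
        return "unknown"

def preflight(bind_id, passphrase, port, use_tls):
    """Return finding codes (hypothetical names) for one directory configuration."""
    findings = []
    if not passphrase:
        # Name plus empty password is an unauthenticated bind (RFC 4513, 5.1.2):
        # a passing test here says nothing about the credentials.
        findings.append("empty-passphrase")
    kind = classify_bind_id(bind_id)
    if kind == "unknown":
        findings.append("bad-bind-identity")
    elif kind == "dn" and not any(a in ("CN", "OU") for a, _ in split_dn(bind_id)[1:]):
        # Account sits directly under the DC components; check its real location.
        findings.append("no-container-in-dn")
    if port == 389 and not use_tls:
        findings.append("cleartext-simple-bind")  # passphrase crosses the wire unencrypted
    elif port == 636 and not use_tls:
        findings.append("port-636-without-tls")
    return findings
```

An empty findings list only means the settings are self-consistent; pulling data with View Sample Records remains the actual test of the bind account.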

     

     



  • 5.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Sep 18, 2015 01:03 PM

    Also in that same area ----- Under Managed Domains - ensure that all the domains your users are found under are listed -----

     

    This can help if your organization does not give every user E-Mail ------

     

    So list your MAIL domain ------ your Local domain -------- and any previous Mail domains you still have active SMTP / POP3/ IMAP on

     

    So that way your Consumer Policies can attach based on an easy match criteria --- - policy assigned by Email --- instead of business group or OU in LDAP.



  • 6.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Sep 18, 2015 05:13 PM

    Hi

    My user is domain admin and I have a DC 2012 R2. Right now I'm trying to set the user as you indicate (LDAPS port 636), but I have a simple question,

    The user that I'm using is "user xxx xxx", It has some blank spaces, so

    do you recommend modifying the user to this form "User_xxx_xxxx"??

    It's because I have a new error message:

    LDAP Test Failed

    The host could not be reached. Please check your settings and try again.


  • 7.  RE: Symantec Encryption Management Server - LDAP Test Failed
    Best Answer

    Posted Sep 25, 2015 04:29 PM

    Finally, I discovered what the issue was: it was the password.

    I was using # and @ in my passwords. I changed the password to one without these symbols and it works fine.



  • 8.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Oct 22, 2015 03:02 PM
    I changed the password to one without any special chars; still I am not getting connected to LDAP. Please, any more suggestions?


  • 9.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Oct 22, 2015 03:04 PM

    I changed the passphrase with no special chars. Still I am not getting connected to LDAP.

    Please suggest. 

     

    Thanks in advance. 

     



  • 10.  RE: Symantec Encryption Management Server - LDAP Test Failed

    Posted Oct 22, 2015 04:12 PM

    Do you have the correct permissions on the user?

    Do you have the ports open? Have you selected the correct option, LDAP or SLDAP?