I have visited this topic, “AD test connection issue”. However, here someone stated to restart the server, which I tried (AD and VAs). Still, the issue is there.
As the VA does not have Telnet, look at the netcat section for testing whether you can reach the AD and IQService ports.
From the VA, test if you can reach ports 389 and 636 of the configured domain controller. Also, test if the IQService port is reachable (5050 plain text or 5051 with TLS). Always perform the test with the address as it is configured in the connector; for example, if you configured just the IP, test the IP. If you configured the fully qualified name, test with the fully qualified name.
Another test should be to not use IQService first, and test the connector with the AD plain text port (389). If it works, turn on TLS and test the connector with port 636. Then, if that works, test with the IQService plain text port (5050), and finally test with TLS enabled (5051).
Hi Karan! Take note that the letters inside brackets are parameters. Here is a guide to use this command:
And for testing connectivity, you must use netcat inside toolbox, as Telnet is not present in VA. You should type:
$tb start
$tb session
nc -zv -w 5 FQDN PORT
There, you have to replace FQDN with the fully qualified name of your AD or IQService server, and PORT should be 389 and 636 for AD, and 5050 and 5051 for IQService.
Any suggestion on the firewall and how it has to be set up? When I am trying to ping the DC, I am getting timed out on port 389 and it states operation in progress.
Besides Ousmane's suggestion, with which I agree, please confirm if it really is a firewall problem. Ping can get stuck if the destination server has disabled ICMP responses.
Try the netcat as if it were a telnet.
Using the FQDN: if the connection is closed, the port can be unreachable or the FQDN is not resolvable by the VA.
Using only the server name (without anything after the first “.”; for example, if the FQDN is server1.yourdomain.xyz, try using only server1): if the connection is closed, it may mean that the port is unreachable, or the VA cannot resolve the server name.
Using the IP: this will confirm all of the above. If you can reach the DC, this means it is absolutely a port problem (the server is not allowing connections to 389/636 or the firewall is not letting you reach the DC).
Try these 3 alternatives. In parallel, you can check with the network team to gain time.
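The three checks suggested above (FQDN, short name, IP) across the four ports, as an added example that is not part of the original posts. The script name, the `getent` lookup and the verdict labels are assumptions; the `nc` flags are the ones given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Run inside the VA toolbox session.
# Usage: sh adcheck.sh FQDN IP   e.g. sh adcheck.sh dc01.example.test 192.0.2.10
# (both sample values are constructed placeholders)

PORTS="389 636 5050 5051"   # AD plain/TLS and IQService plain/TLS, per the thread

# Everything before the first "." of the FQDN (server1.yourdomain.xyz -> server1).
short_name() { printf '%s\n' "${1%%.*}"; }

# "yes" if the local resolver returns an address (assumes getent is available).
resolves() { if getent hosts "$1" >/dev/null 2>&1; then echo yes; else echo no; fi; }

# "yes" if a TCP connect succeeds within 5 seconds (same nc flags as the thread).
port_open() { if nc -z -w 5 "$1" "$2" >/dev/null 2>&1; then echo yes; else echo no; fi; }

# Combine the three observations into one verdict.
#   $1 = name resolves, $2 = connect by name, $3 = connect by IP (each yes/no)
diagnose() {
  if [ "$2" = yes ]; then
    echo ok
  elif [ "$3" = yes ]; then
    # Port is reachable by IP, so the network path is fine and the name is at fault.
    if [ "$1" = no ]; then echo name-not-resolvable; else echo name-resolves-elsewhere; fi
  else
    # Not reachable even by IP: listener down or a firewall in the path.
    echo port-unreachable
  fi
}

main() {
  fqdn=$1; ip=$2
  for port in $PORTS; do
    by_ip=$(port_open "$ip" "$port")
    for name in "$fqdn" "$(short_name "$fqdn")"; do
      verdict=$(diagnose "$(resolves "$name")" "$(port_open "$name" "$port")" "$by_ip")
      printf '%-40s port %-5s %s\n' "$name" "$port" "$verdict"
    done
  done
}

# Only probe when both arguments are supplied.
if [ "$#" -ge 2 ]; then main "$@"; fi
```

A `port-unreachable` verdict on 5050/5051 only is expected when the host given is a domain controller that does not run IQService; run it again with the IQService host.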
@karan_1984 For the certificate, connect with the infra team; they will give you commands to export the certificate, and you can ask them how to install the certificate on any server.
Thank you for the reply. However, right now the issue is not with the certificate. It is unable to establish a connection with my sandbox environment to test AD.
Are you logging in with the service account as a user?
Go into ‘Services’ from the box hosting the IQService and double click on the service account, then on the ‘log on’ tab.
It should look like this:
As per the instruction, the IQService Account should be used with the service Account which is already being used for IQService.
I have 2 domains and they are in different networks. I am able to connect to one but not able to connect to the other domain. Ports are already opened, as I am able to ping via AWS.