Hi all, I need some help troubleshooting. What are the possible things I could do to fix this issue?
Currently, in my Active Directory application, while testing the connection we are getting: [ InvalidConfigurationException ] [ Possible suggestions ] Ensure that the Active Directory Service is up and running. [ Error details ] Failed to connect to - dc=abc,dc=def,dc=hi: java.lang.Exception: [ERROR 1] Failed to connect to server:ldap://<<…>>:636 - java.net.SocketException: Connection reset [ERROR 2] Failed to connect to server:ldap:/<<…>>:636 - java.net.SocketException: Connection reset
Hi, I think network connectivity is cleared, as I tried using an LDAP application connector and was able to test the connection successfully. Does this error mean there are issues from the IIQ perspective or at the Active Directory end?
@shijingg If the same configuration works in LDAP, it should ideally work here too. If you have IQService details, try removing them and see if it resolves the issue.
The connection error suggests a connectivity problem, which could be related to the IIQ Server, AD Server, or network parameters.
Hi Arpitha, I just tried removing the IQService configuration but I am still getting the same error. Are there any other things that I could look into for troubleshooting?
Hi Arpitha, my global catalog server is 636. Ports have been opened. <entry key="useSSLForGC" value="true"/> Can I check about this? In my lower environments this is not configured but it is working, so I cannot test if adding this code will make any difference. This connectivity issue is only happening in Production.
IIRC, the test connection button will test, in order, the login at each GC and domain level using the Java read-only connection. Then it will test using the IQService, which is .NET. If it hits a problem along the way, the test will stop. So if you get an error with the Java connect, it will stop and not proceed to more domains or IQService.
If you are sure that the ports are open, the next step is to be sure that the certificate from the domain is trusted by the Java VM. If it is not trusted, TLS will fail and that will be in the log4j. Also, I think if TLS setup fails, that will result in a reset connection. There are/were articles on Compass to import the certs to Java/Tomcat.
A great way to troubleshoot certificates and LDAPS is to use Apache Directory Studio, because it is Java-based. So it will test the same tech stack as IIQ. And you can add the certificates to test.
Do not use Softerra because it does not use the Java stack and is not an accurate test. Later on, if you have trouble with IQService, then use Softerra etc.
You will also have to add the certs for IQService probably, if it is not in the same domain.
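A small Java check for the certificate-trust step described above, as an added example that is not part of the original thread and is not SailPoint code: it separates the TCP connect from the TLS handshake and validates the domain controller's certificate against the JVM's default trust store. The class name `LdapsTrustCheck` and the command-line host argument are assumptions; run it with the same JVM and trust store settings as the IIQ application server.

```java
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (hypothetical class name). Uses the JVM default trust store,
// including any -Djavax.net.ssl.trustStore override passed on the command line.
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java LdapsTrustCheck <dc-hostname> [port]");
            System.exit(2);
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        try (Socket tcp = new Socket()) {
            // Step 1: plain TCP connect. A failure here is a port/firewall problem, not TLS.
            tcp.connect(new InetSocketAddress(host, port), 5000);
            tcp.setSoTimeout(5000);
            System.out.println("TCP connect to " + host + ":" + port + " OK");
            // Step 2: TLS handshake layered on the connected socket.
            SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
            try (SSLSocket tls = (SSLSocket) f.createSocket(tcp, host, port, true)) {
                SSLParameters p = tls.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("LDAPS"); // also verify the certificate host name
                tls.setSSLParameters(p);
                tls.startHandshake();
                System.out.println("TLS OK: " + tls.getSession().getProtocol()
                        + " / " + tls.getSession().getCipherSuite());
                for (Certificate c : tls.getSession().getPeerCertificates()) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("  subject=" + x.getSubjectX500Principal()
                            + " issuer=" + x.getIssuerX500Principal()
                            + " notAfter=" + x.getNotAfter());
                }
            }
        } catch (SSLHandshakeException e) {
            // Typically "PKIX path building failed": the issuing CA is not in the trust store.
            System.out.println("TLS handshake rejected: " + e.getMessage());
        } catch (SocketException e) {
            // Includes "Connection refused" and "Connection reset".
            System.out.println("Socket error: " + e.getMessage());
        }
    }
}
```

If the handshake is rejected, import the domain's CA certificate into the trust store that JVM uses and rerun the check before retrying the test connection in IIQ.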