Connect to Active Directory with TLS

I am trying to set up a new AD source with TLS enabled. Have followed all steps, but getting this error during “Test Connection”


Any help would be highly appreciated

The CA used to sign your AD certificate is not in your Trust Store (on your VA). You have to add it in order to make this certificate validate properly.

Here is a manual on how to do that

And a few more useful docs:


Thanks @kjakubiak

I will check these and get back to you


I had copied the wrong certificate to the VA. After fixing that, Test Connection was successful before setting up the IQService. However, once I added the IQService details, I am getting the following error during Test Connection

@iamology did you check the TLS option in IQService, and what is the port you have mentioned in IQService?

Looks like a network issue now. Generally, as long as you don’t configure IQService details, Test Connection checks only the LDAP connection to AD; once IQService is configured, it also checks RPC calls. Do you have network traffic allowed between IQService and the DCs?

@rajeshs
Yes, I have enabled TLS under the IQService settings and the port is 5527.

@kjakubiak
Both the DC and IQService servers belong to the same domain, and I am using the domain Administrator login on both VMs. I have also added an Inbound rule to the Firewall settings on the IQService server to allow access to ports 5051, 5502, 5527 & 5528.

Also, aggregation works in the source.

Thanks to you both for your input.

Hi Nitesh,

I have one query. I am also working on TLS between the VA and IQService. Can you please tell me whether we need to install the iqservice.exe file again to install the TLS port, as I already downloaded the iqservice.exe file while installing only IQService?

Hi Nitesh,

Our organization had several ADs to connect, and we faced several of these TLS issues due to the different configurations of our directories.

Something we realized is that even with the right certificates installed in the right places (“Personal” and “Trusted CA” folders if they’re self-signed), we were still facing issues because the server had some misconfiguration to resolve.

First of all, before testing your connection with TLS enabled, make sure you get success with port 389 and the checkbox disabled, so you can rule out connectivity issues.

To get insights on the certificate configuration at the domain controller, run this command from one of the VAs:
openssl s_client -connect <domain>:636

“Connection reset” errors sometimes mean the certificate couldn’t be found at the DC or it didn’t meet the requirements for a secure LDAP connection, so the command above will help you identify the cause of your problems.
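The two checks described in this reply (plain 389 first, then openssl s_client on 636) as a small script, added here as an example and not part of the original post. It assumes `nc` and `openssl` are installed on the VA; the host name and CA file are placeholders, and the sample s_client output used for illustration is constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Runs the plain-LDAP reachability check, then
# the LDAPS handshake, and turns OpenSSL's "Verify return code" line into a diagnosis.

# Step 1 from the post: is 389/tcp reachable at all? Separates network problems
# from certificate problems. Assumes `nc` is available on the VA.
plain_ldap_check() {
  nc -z -w 5 "$1" 389 && echo "389/tcp reachable on $1" \
    || echo "389/tcp NOT reachable on $1 (fix connectivity before touching TLS)"
}

# Step 2: LDAPS handshake. -servername sets SNI and enables hostname checking;
# -CAfile is the CA that signed the DC certificate (the same CA the VA must trust).
ldaps_handshake() {
  openssl s_client -connect "$1:636" -servername "$1" -CAfile "$2" -showcerts </dev/null 2>&1
}

# Read s_client output on stdin and explain the first "Verify return code" seen.
# Codes are OpenSSL's standard X509 verify results.
explain_verify_code() {
  code=$(sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
  case "$code" in
    0)  echo "OK: chain validates against the supplied CA" ;;
    9)  echo "certificate not yet valid: check the DC clock and certificate validity dates" ;;
    10) echo "certificate expired: renew the DC certificate" ;;
    18) echo "self-signed leaf: that certificate itself must be in the VA trust store" ;;
    19) echo "self-signed root not trusted: import the root CA into the VA trust store" ;;
    20) echo "unable to get local issuer: the issuing/intermediate CA is missing from the trust store" ;;
    21) echo "unable to verify first certificate: DC sent only the leaf; add its issuing CA to the trust store" ;;
    62) echo "hostname mismatch: connect using a name present in the certificate SAN" ;;
    "") echo "no TLS handshake completed (reset/refused): no usable server certificate bound to LDAPS on the DC, or 636 blocked" ;;
    *)  echo "verify error $code: see the openssl verify documentation" ;;
  esac
}

# Live run only when a host is supplied, e.g.:  sh ldaps_check.sh dc01.example.local ca.pem
# (placeholder names). Without arguments the functions are just defined.
if [ -n "${1:-}" ]; then
  plain_ldap_check "$1"
  ldaps_handshake "$1" "${2:-/etc/ssl/certs/ca-certificates.crt}" | explain_verify_code
fi
```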

