Unable to connect to AD upon hitting test connection button

Hey Guys,

We have configured the AD with all the settings (IQ SVC ,domain settings etc) but still having error “Details:
This source couldn’t be connected due to an error.
java.lang.InterruptedException: Timeout waiting for response to message 6 from client 469aea25-8e83-4c82-aa7c-d3e4c2f730cb after 15 seconds.” Putiing the screenshot as well .Kindly rply how we can sort this out?? thanks

Hi @Apoorv0802 ,

1. Check your VA is up and connected.
2. Check your AD is open.
3. Check your forest name is correct. You can see this by Tools → Active Directory Users and Computers → under which you can see the forest name.
4. Check the Domain Name → for example if the domain name is
   “abc.search.com” → DC=abc,DC=search,DC=com
   “abc.com” → DC= abc, DC=com
5. Check the service Account, password and ip is correct. Service Account should be like “Domain Name/UserName” (Domain Name is nothing but the NET-BIOS name). For example “ABC\Administrator”
6. Also, check your IQ service is running and configured correctly in AD. In IDN check it’s ip is correct.
7. Finally, check the search DN is correct. check whether DN is as such like in AD.

Thanks!

Hey Gokul,

Thanks but I have checked all and all configuration are fine . Any solution u have?

Hi @Apoorv0802

Have you tried to check if you are able to reach and resolve the AD DN and the IQ Server from the VA using toolbox to ensure the ports are open and not potentially being blocked by firewall?

Verifying Internal Connectivity

• Ping your internal source by hostname
  • Let ping run for more than a minute and gauge packet loss and latency.
  • Latency to internal resource should generally be <1ms.
  • Packet loss should not occur at all.
  • Pinging by hostname ensures you test latency as well as name resolution.
• Check ports are open
  • Basic port test

    • tb start (get an error?)

    • tb session

    • execute the nc command netcat. Format is nc -zv -w 5 <IP_Address/HostName>

bash-4.3# nc -zv -w 5 172.16.218.135 389

Connection to 172.16.218.135 389 port [tcp/ldap] succeeded!

• For AD sources, be sure to check port 5050 for IQService.

If this is unsuccessful, this implies there is a firewall blocking the ports.

hey Irshaad ,

thanks for your response i chekd my iq svc using the command nc -zv -w 5 and it is gwtting connecneted .Do i need to chk the va server ip address as well the same way using command?

Hi @Apoorv0802

You will need to do a test from the VA to the AD Domain too to ensure that the VA is able to reach the domain. Lastly you could run a trace from the IQ Server using PS or CMD to the AD Domain to ensure they are able to communicate.

If you are able to work with the Firewall team for them to run a live trace too while you test the connection, they might be able to identify where the traffic is potentially being blocked.

If you remove the IQService configuration, you can rule out if the error is on the IQService side or the VA->AD side. If the test connection is still failing, then you need to troubleshoot the VA->AD connection before adding IQService. If the connection is successful, then you will want to look at the IQService connection specifically.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.