Troubleshoot directory services

Cannot add directory service

Symptom Possible cause and recommendation
Cannot connect with directory service host

Connection with directory service host is lost

Minimum required privileges: Infrastructure administrator

  1. Verify that the settings for the directory service host are accurate.

  2. Locally run the ping command on the directory server’s IP address or host name to determine if it is online.

  3. Verify that the port for LDAP communication with the directory service is port 636.

  4. Verify that the port (default port 636) you are using for communication is not blocked by any firewalls.

  5. Verify that the appliance network is operating correctly.

  6. Determine that the appliance virtual machine is functioning properly and that there are enough resources.

Certificate error

Certificate has expired

Minimum required privileges: Infrastructure administrator

  1. Verify the login name and password are accurate.

  2. Reacquire and install the directory service host certificate.

  3. Contact the directory service provider to ensure that the credentials are accurate.

Certificate is not in valid x509 format

Minimum required privileges: Infrastructure administrator

  1. Correct the configuration and try again.

  2. Re-acquire and install the directory service host certificate, if necessary.

  3. Contact the directory service provider to ensure that the credentials are accurate.

Certificate does not contain x509v3 key usage extension (digital signature)

Minimum required privileges: Infrastructure administrator

  1. Ensure that the certificate contains the key usage extension.

  2. Re-acquire and install the directory service host certificate, if necessary.

Cannot log in

The credentials are inaccurate

Minimum required privileges: Infrastructure administrator

  1. Verify the login name and password are accurate.

  2. Verify the search context information is accurate; you might be trying to access a different account or group.

  3. Re-acquire and install the directory service host certificate.

  4. Contact the directory service provider to ensure that the credentials are accurate.
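
The certificate causes listed above (expired, not in valid x509 format, no key usage extension with digital signature) can be checked from a shell before re-acquiring the host certificate. This is an added example, not part of the vendor documentation; it assumes the openssl command-line tool is installed, and the function names and the host name ldap.example.test are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Requires the openssl command-line tool.

# Save the certificate a directory host presents on the LDAPS port.
# usage: fetch_ldaps_cert HOST [PORT] > host.pem   (PORT defaults to 636)
fetch_ldaps_cert() {
    openssl s_client -connect "$1:${2:-636}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print one finding for a PEM file and stop at the first failed check.
# usage: check_dir_cert FILE [SECONDS]  (flag expiry within SECONDS; 0 = now)
check_dir_cert() {
    cert=$1
    window=${2:-0}
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo "not-x509"; return 1             # "not in valid x509 format"
    fi
    if ! openssl x509 -noout -checkend "$window" -in "$cert" >/dev/null 2>&1; then
        echo "expired-or-expiring"; return 2  # "certificate has expired"
    fi
    if ! openssl x509 -noout -text -in "$cert" |
            grep -A1 'X509v3 Key Usage' | grep -q 'Digital Signature'; then
        echo "no-digital-signature-key-usage"; return 3
    fi
    echo "ok"
}

# Constructed sample input: a throwaway self-signed certificate valid one day.
# usage: make_sample_cert OUTFILE [extra "openssl req" options]
make_sample_cert() {
    out=$1; shift
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out.key" -out "$out" \
        -subj "/CN=ldap.example.test" -days 1 "$@" 2>/dev/null
}

# Demo on the constructed sample; on a real system check a fetched file.
tmp=$(mktemp -d)
make_sample_cert "$tmp/sample.pem" -addext "keyUsage=digitalSignature"
check_dir_cert "$tmp/sample.pem"
rm -rf "$tmp"
```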

Cannot add server for a directory service

Symptom Possible cause and recommendation
Cannot connect with directory service host

Lost connection with directory service host

  1. Verify that the settings for the directory service host are accurate.

  2. Verify that the correct port is used for the directory service.

  3. Verify that the port (default port 636) you are using for communication is not blocked by any firewalls.

  4. Locally run the ping command on the directory service host’s IP address or host name to determine if it is online.

  5. Verify that the appliance network is operating correctly.

  6. If the appliance is hosted on a virtual machine, determine that it is functioning properly and there are enough resources.

Cannot log in

Inaccurate credentials

  1. Verify that the login name and password are accurate.

  2. Reacquire and install the directory service host certificate.

  3. Contact the directory service provider to ensure that the credentials are accurate.

Inaccurate settings in the Add Directory screen

  1. Verify that the name of the directory service is unique and entered correctly. Duplicate names are not accepted.

  2. Verify that the Directory type is correct.

  3. Ensure that the Base DN fields and, for OpenLDAP, the User naming attribute field, and Organizational unit fields are correct.

  4. Verify that the credentials of the authentication directory service administrator are correct.

  5. Verify that the group is configured in the directory service.

Cannot add directory group

Symptom Possible cause and recommendation
Cannot log in

Connection with directory service host is lost

Minimum required privileges: Infrastructure administrator

  1. Verify that the settings for the directory service host are accurate.

  2. Verify that the correct port is used for the directory service.

  3. Verify that the port (default port 636) you are using for communication is not blocked by any firewalls.

  4. Locally run the ping command on the directory service host IP address or host name to determine if it is online.

  5. Verify that the appliance network is operating correctly.

  6. If the appliance is hosted on a virtual machine, determine that the virtual machine is functioning properly and enough resources are allocated to it.

The credentials are inaccurate

Minimum required privileges: Infrastructure administrator

  1. Verify that the login name and password are accurate.

  2. Reacquire and install the directory service host certificate.

  3. Contact the directory service provider to ensure that the credentials are accurate.

Cannot find group in the directory service

Group is not configured in the directory service

Minimum required privileges: Infrastructure administrator

  1. Verify the credentials of the authentication directory service.

  2. Verify that the directory service is operational.

  3. Verify the name of the group.

  4. Contact the directory service administrator to verify that the group account is configured in the directory service.

  5. Try to find the group again.

    For more information, see About directory service authentication.

Directory type is incorrect

Minimum required privileges: Infrastructure administrator

The directory type was incorrectly specified. For example, an Active Directory service might have been specified as OpenLDAP.

  1. Verify that the settings for the directory service are accurate.

Cannot add group

Group is already mapped

Minimum required privileges: Infrastructure administrator

The authentication directory and group specified already exist. Groups must be unique.

  1. Reassign the current group to another role, or otherwise make the group unique.

Cannot find any groups on servers configured for the directory service

Specified search for configured directory service does not contain any groups

Minimum required privileges: Infrastructure administrator

  1. Verify the directory server configuration.

  2. For OpenLDAP, add all search contexts needed to retrieve the wanted group or groups. Use the Add button to generate multiple additional organizational units with which to specify the UID or CN.

    For more information, see Add/Edit Directory screen details.

No groups found on servers configured for directory service; cannot reach other directory servers

Error occurred while accessing directory groups

Minimum required privileges: Infrastructure administrator

  1. Verify the directory server configuration.

  2. Verify the connection to the directory server host.

  3. For OpenLDAP, add all search contexts needed to retrieve the wanted group or groups. Use the Add button to generate multiple additional organizational units with which to specify the UID or CN.

    For more information, see Add/Edit Directory screen details.

Cannot reach the server configured for the directory service

Error occurred while retrieving groups from the directory server

Minimum required privileges: Infrastructure administrator

  1. Verify the connection to the directory server host. See Cannot add server for a directory service.

  2. Verify the directory server configuration.

Directory service not available

Symptom Possible cause and recommendation
Cannot connect to the directory service

Directory service server is down

  1. Locally run the ping command on the directory server IP address or host name to determine if it is online.

  2. Verify that the appliance network is operating correctly.

  3. Contact the directory service administrator to determine if the server is down.

Inaccurate settings in the Add Directory screen

  1. Verify that the name of the directory service is unique and entered correctly. Duplicate names are not accepted.

  2. Verify that the Directory type is correct.

  3. Ensure that the Base DN fields and, for OpenLDAP, the User naming attribute field, and Organizational unit fields are correct.

  4. Verify that the credentials of the authentication directory service administrator are correct.

  5. Verify that the group is configured in the directory service.

  6. Ensure that the role assigned to the group is correct.

    For more information, see Add/Edit Directory Group screen details.