Cannot add directory service

Symptom

You cannot add a directory service to the appliance.

Solution 1
Cause

An external problem disconnected the directory server host.

Action
  1. Log in as the Infrastructure administrator
  2. Verify that the settings for the directory service host are accurate.
  3. Locally Ping a host name or IP address on the directory server’s IP address or host name to determine if it is on-line.
  4. Verify that the port for LDAP communication with the directory service is port 636.
  5. Verify that the port (default port 636) you are using for communication is not blocked by any firewalls.
  6. Verify that the appliance network is operating correctly.
  7. Determine that the appliance is functioning properly and that there are enough resources.
Solution 2
Cause

The directory server host is refusing to authenticate the appliance because the certificate has expired.

Action
  1. Log in as the Infrastructure administrator
  2. Verify the login name and password are accurate.
  3. Contact the directory service provider to ensure that the credentials are accurate.
  4. Reacquire and install the directory service host certificate.
Solution 3
Cause

The certificate is not in valid x509 format.

Action
  1. Log in as the Infrastructure administrator
  2. Correct the configuration and try again.
  3. Re-acquire and install the directory service host certificate, if necessary.
  4. Contact the directory service provider to ensure that the credentials are accurate.
Solution 4
Cause

The certificate does not contain the x509v3 key usage extension.

Action
  1. Log in as the Infrastructure administrator
  2. Ensure that the certificate contains the key usage extension.
  3. Re-acquire and install the directory service host certificate, if necessary.
Solution 5
Cause

The directory server host cannot authenticate the appliance because the credentials are invalid.

Action
  1. Log in as the Infrastructure administrator
  2. Verify the login name and password are accurate.
  3. Verify the search context information is accurate; you might be trying to access a different account or group.
  4. Re-acquire and install the directory service host certificate.
  5. Contact the directory service provider to ensure that the credentials are accurate.