ATA Lightweight Gateway - Start failed

  • Question

  • One of our lightweight gateways is now failing to start up.  The issue started after we rebooted the domain controller after our monthly patch window.  I tried reinstalling the gateway but it still won't start.  The other two DCs we have lightweight gateways on are still working just fine.  They got the same set of patches and were also rebooted but they start up just fine.  I also tried restarting the services again but they start up so the problem appears to be isolated on this one DC.

    I looked in the "Microsoft.Tri.Gateway-Errors.log" and the couple errors I see are below but I haven't been able to find related articles that talk about how to fix them.

    Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with the configured domain controllers

    and

    Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=xxxxxx.local ErrorCode=82] ---> System.DirectoryServices.Protocols.LdapException: a local error occurred.

    A few of the things I have tried are:

    - Confirmed using the ldp.exe tool that I could connect via both 389 and 636 to itself as well as the other two DCs.

    - Uninstall and reinstall, didn't fix the issue.  The new gateway does appear in the console in a "Start Failed" status.  Makes me think it isn't a problem with the lightweight gateway being able to talk to the console.

    - Other than the patches, the only other thing that we know changed is that we made some changes with the IIS Crypto tool to disable SSL 3.0 and to set the ciphers to the best practices.  This was also done on the other two DCs that are working so not sure if it caused any problems or not.

    Looking for any ideas on things to try.  Any help would be appreciated.

    Thanks

    Tuesday, May 8, 2018 7:14 PM

All replies

  • Forgot to include these details:

    We are using Version 1.7.5757.57477

    DCs are all 2008R2


    • Edited by Keith_JW Tuesday, May 8, 2018 7:28 PM
    Tuesday, May 8, 2018 7:28 PM
  • Things to try (from similar cases I have seen):

    1. Confirm that the domain controller’s DNS record is configured properly in the DNS server.
    2. Verify that the time of the ATA Gateway is synchronized with the time of the domain controller (that is mentioned in the error message).
    3. When testing with ldp.exe, make sure to use Kerberos authentication only, without an option to fall back to NTLM, and see if you can repro the issue.
    4. Seen cases where another reboot of the machine solved the problem.


    Tuesday, May 8, 2018 7:56 PM
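
Added example, not part of the reply above and not ATA's own code: a PowerShell sketch of checks 1 to 3, run on the gateway machine, that performs a Kerberos-only bind through the same System.DirectoryServices.Protocols API named in the logged exception. The DC name is a placeholder, and the bind uses the account running the script.

```powershell
# Added diagnostic sketch. 'dc01.example.local' is a placeholder, not a name
# from the thread; replace it with the DC named in the gateway error log.
$DcName = 'dc01.example.local'

Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. DNS: the name in the error must resolve to the DC's current address.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($DcName)
    Write-Output ("DNS  : {0} -> {1}" -f $DcName, ($addrs -join ', '))
} catch {
    Write-Output ("DNS  : lookup failed: {0}" -f $_.Exception.Message)
}

# 2. Time: Kerberos fails when clocks differ by more than the allowed skew
#    (5 minutes by default). Each sample line shows the offset to the DC.
Write-Output "TIME : clock offset samples against $DcName"
& w32tm.exe /stripchart /computer:$DcName /samples:3 /dataonly

# 3. LDAP: bind with Kerberos only, so a silent NTLM fallback cannot hide
#    a Kerberos problem the way a Negotiate bind can.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DcName, 389)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Kerberos
$conn.SessionOptions.ProtocolVersion = 3
try {
    $conn.Bind()   # binds as the account running this script
    Write-Output "LDAP : Kerberos bind succeeded"
} catch {
    # PowerShell wraps .NET exceptions; unwrap to the underlying one.
    $ex = $_.Exception.GetBaseException()
    if ($ex -is [System.DirectoryServices.Protocols.LdapException]) {
        # ErrorCode 82 is LDAP_LOCAL_ERROR, the code in the gateway log.
        Write-Output ("LDAP : bind failed, ErrorCode={0} ({1})" -f $ex.ErrorCode, $ex.Message)
        if ($ex.ServerErrorMessage) {
            Write-Output ("LDAP : server detail: {0}" -f $ex.ServerErrorMessage)
        }
    } else {
        Write-Output ("LDAP : bind failed: {0}" -f $ex.Message)
    }
} finally {
    $conn.Dispose()
}
```

A bind that fails here with ErrorCode 82 while the DNS and time checks pass points at Kerberos on that DC rather than at the gateway installation.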
  • After doing some more investigating and running a dcdiag we noticed the DC in question had all kinds of errors.  At this point we are assuming the ATA issues are related to the DC not functioning properly.  Thanks for the suggestions.
    Wednesday, May 9, 2018 6:53 PM