ATA LDAP search failed - the server is unavailable

  • Question

  • When trying to do LDAP searches with ATA I get the following errors:

    2018-08-29 20:36:21.4675 6304 130 Error [DirectoryServicesClient+<SearchInternalAsync>d__29] Microsoft.Tri.Infrastructure.Utils.ExtendedException: LDAP search failed 
    [DomainControllerDnsName=<domaincontroller> IsGlobalCatalog=False DistinguishedName=CN=NTDS Settings,CN=<domaincontroller>,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=local Scope=Base Filter= AttributeCount=14] ---> System.DirectoryServices.Protocols.DirectoryOperationException: The server is unavailable.
    
    Server stack trace: 
       at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
       at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
       at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)
    
    Exception rethrown at [0]: 
       at System.DirectoryServices.Protocols.LdapConnection.EndSendRequest(IAsyncResult asyncResult)
       at Microsoft.Tri.Infrastructure.Extensions.LdapConnectionExtensions.<>c__DisplayClass0_0.<SendRequestAsync>b__0(IAsyncResult _)
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.SearchInternalAsync(?)
       --- End of inner exception stack trace ---
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.SearchInternalAsync(?)
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.SearchAsync(?)
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.SearchObjectsInternalSyncedAsync(?)
       at Microsoft.Tri.Infrastructure.Extensions.TaskExtension.Await[TResult](Task`1 task)
       at Microsoft.Tri.Infrastructure.Extensions.TaskExtension.<>c__2`2.<Cast>b__2_0(Task`1 _)
       at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
       at System.Threading.Tasks.Task.Execute()
       at async Microsoft.Tri.Infrastructure.Utils.Syncer.RunAsync[](?)
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.SearchObjectsInternalAsync(?)
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.SearchObjectsAsync(?)
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.SearchObjectAsync(?)
       at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesResolver.UpdateDirectoryEntityChangesAsync(?)
       at async Microsoft.Tri.Infrastructure.Framework.Module.<>c__DisplayClass30_0.<RegisterPeriodicTask>b__1(?)
       at async Microsoft.Tri.Infrastructure.Extensions.TaskExtension.<>c__DisplayClass33_0.<RunPeriodic>b__0(?)

    We have multiple ATA Gateways (Light and normal) and on all of them the LDAP sync doesn't work if I put them as domain sync candidates.

    LDAP and LDAPS work on the domain controllers, as other applications / appliances can connect to the domain controllers.

    I've also tried different kinds of certificates on the domain controllers (KSP/CSP certificates) - SHA256 with 4096-bit key length. Is there any way to maybe get a "better" error message which leads me to a source of the error?

    I've also reinstalled all of the Gateways to rule out problems with the setup.

    The only thing I haven't done is doing the center from scratch, but that's something I want to hold off on until there's no other possibility.

    I've also tried switching sync accounts to rule out problems with the account, but also with no results.

    Does anyone have a tip on what I could do to remediate the situation?

    Thanks in advance

    Friday, August 31, 2018 8:03 AM

All replies

  • Are you able to connect via LDAP to the configuration partition of the mentioned DC using the same user account over Kerberos with another tool from this machine?
    Friday, August 31, 2018 8:09 PM
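
One way to run the check the reply asks about, as an added example that is not part of the original thread: it repeats the kind of base-scope search shown in the log (the NTDS Settings object in the configuration partition) with a Kerberos bind over 389 and over 636, and prints the underlying exception details. The DC name, the DN and the function name `Test-LdapBaseSearch` are placeholders chosen for illustration; run it on the Gateway machine with the sync account's credentials.

```powershell
# Added example: server name and DN are placeholders, not values from the thread.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$DcFqdn = 'dc01.contoso.local'   # placeholder; use the DC's FQDN so the Kerberos SPN resolves
$BaseDn = 'CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,' +
          'CN=Sites,CN=Configuration,DC=contoso,DC=local'
$Cred   = (Get-Credential -Message 'Directory sync account').GetNetworkCredential()

function Test-LdapBaseSearch {
    param([string]$Server, [int]$Port, [bool]$UseSsl, [string]$Dn,
          [System.Net.NetworkCredential]$Credential)

    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new(
                $id, $Credential, [System.DirectoryServices.Protocols.AuthType]::Kerberos)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $UseSsl   # $true = LDAPS (TLS from the first byte)
    $conn.Timeout = [TimeSpan]::FromSeconds(30)
    try {
        $conn.Bind()   # fails here if the TLS handshake or the Kerberos bind is the problem
        $req  = [System.DirectoryServices.Protocols.SearchRequest]::new(
                    $Dn, '(objectClass=*)',
                    [System.DirectoryServices.Protocols.SearchScope]::Base,
                    [string[]]@('objectClass'))
        $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
        '{0}:{1} OK  result={2} entries={3}' -f $Server, $Port, $resp.ResultCode, $resp.Entries.Count
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the one the LDAP client threw.
        $e = $_.Exception.GetBaseException()
        '{0}:{1} FAILED  [{2}] {3}' -f $Server, $Port, $e.GetType().Name, $e.Message
        if ($e -is [System.DirectoryServices.Protocols.LdapException]) {
            '  ErrorCode={0}  ServerErrorMessage={1}' -f $e.ErrorCode, $e.ServerErrorMessage
        }
        if ($e -is [System.DirectoryServices.Protocols.DirectoryOperationException]) {
            '  ResultCode={0}  ErrorMessage={1}' -f $e.Response.ResultCode, $e.Response.ErrorMessage
        }
    }
    finally { $conn.Dispose() }
}

# Same search over plain LDAP and over LDAPS, to see which transport (if either) fails.
Test-LdapBaseSearch -Server $DcFqdn -Port 389 -UseSsl $false -Dn $BaseDn -Credential $Cred
Test-LdapBaseSearch -Server $DcFqdn -Port 636 -UseSsl $true  -Dn $BaseDn -Credential $Cred
```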