VMware Workspace ONE Community
ksupport
Contributor

Cannot bind to Active Directory using Workspace Setup Wizard

Hi all!  Hopefully someone can point me in the right direction here.  I rolled out the Workspace vApp yesterday and everything went beautifully until I reached the point where you configure the Directory.  Here is where I'm at currently:

     - Directory Type = ActiveDirectory
     - Use SSL = unchecked
     - Server Host = IP of DC (this is a GC)
     - Server Port = 3268 (have also tried 389)
     - Search attribute = sAMAccountName
     - Base DN = DC=domain,DC=com
     - Bind DN = CN=horizon,OU=ServiceAccounts,DC=domain,DC=com
     - Bind Password = ***********

I receive the error below after selecting the Test Setting and Sync button.  Some other notes about things I have tried so far are also listed below.

Bind DN user has the firstname, lastname and email fields populated in the AD account.  Have tried with both of our DCs (both are GCs).  Also, we do not use LDAPS but have the 'Microsoft Network Server: Digitally sign communications (Always)' policy enabled for all of our servers, but I don't see why this would make a difference with respect to LDAP.

Error saving directory configuration.

Problem connecting to directory.

Bryan

ksupport
Contributor

Update:  I think my problem is that the policy 'Domain Controller: LDAP server signing requirements' is set to Require signing.  I would appreciate it if someone could confirm this and tell me if there is still some way to bind Workspace to our AD environment?

Thanks,
Bryan

RaviChayanam
VMware Employee

Can you try using LDAPS to see if that works, please?

ksupport
Contributor

Hi Ravi.  Thank you for the reply.  Can you tell me how to add the Directory Certificate in the setup wizard (could not find these instructions in the install guide)?  Our DCs have certs, but I know for a fact they do not communicate over port 636 because I can bind to AD using the ldp tool over port 389.

Thanks,
Bryan

RaviChayanam
VMware Employee

If the DCs can't communicate over port 636, this won't work, but you can run a command like "openssl s_client -connect <IP of DC>:636" and that will print a cert. You can run this command from one of the Workspace vApp machines, for example. You need to copy the following (including the BEGIN and END lines):

-----BEGIN CERTIFICATE-----
....
....
-----END CERTIFICATE-----

And paste it into the Certificate field on the Directory page in the Workspace wizard.
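The step in the reply above (pull the DC's certificate over port 636, copy the block between the BEGIN and END lines, paste it into the wizard) is easy to get subtly wrong: a block copied from a scrolling terminal can lose lines and still look like a certificate. The script below is an added example, not part of this thread or of the Workspace product. It extracts every PEM certificate block from saved `openssl s_client` output, checks that the block decodes and that its DER outer length matches the data (a truncated paste fails this check), and, when given a host, fetches the certificate directly with the Python standard library instead of openssl. The host name `dc01.domain.com` and the s_client output embedded in the script are constructed for the example; the sample "certificate" is a stand-in DER SEQUENCE with the correct framing but no real X.509 fields, so the script runs offline.

```python
"""Extract a DC's LDAPS certificate from `openssl s_client` output and sanity-check
it before pasting it into a directory-bind configuration.
Added example; the s_client output and certificate bytes below are constructed."""
import binascii
import re
import ssl
import sys

# One PEM block, BEGIN and END lines included, which is exactly what the wizard wants.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.*?-----END CERTIFICATE-----", re.S
)


def extract_pem_certs(s_client_output: str) -> list[str]:
    """Return every PEM certificate block found in s_client output.
    With -showcerts there may be several; the first is the server's own
    certificate, which is the one to paste."""
    return [
        m.group(0).replace("\r\n", "\n") + "\n"
        for m in PEM_BLOCK.finditer(s_client_output)
    ]


def der_outer_length_ok(der: bytes) -> bool:
    """Check that the DER starts with a SEQUENCE whose declared length matches
    the data present. A certificate truncated while copying from a terminal can
    still base64-decode cleanly, so this catches the partial-paste error that
    plain decoding would miss."""
    if len(der) < 2 or der[0] != 0x30:  # Certificate ::= SEQUENCE
        return False
    first = der[1]
    if first < 0x80:  # short-form length
        body_len, offset = first, 2
    else:  # long-form length: 0x80 | N, followed by N length bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        body_len, offset = int.from_bytes(der[2 : 2 + n], "big"), 2 + n
    return len(der) == offset + body_len


def check_pem(pem: str) -> bool:
    """True if `pem` is a well-formed, complete PEM certificate block."""
    try:
        der = ssl.PEM_cert_to_DER_cert(pem)
    except (ValueError, binascii.Error):
        return False
    return der_outer_length_ok(der)


def fetch_ldaps_cert(host: str, port: int = 636) -> str:
    """Live equivalent of `openssl s_client -connect host:636`: returns the
    server certificate as PEM. It is deliberately unverified, because the goal
    is to obtain the certificate that the wizard will then be told to trust."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-in for a DER certificate: correct outer SEQUENCE framing,
# no real X.509 fields, so the example needs no network and no real DC.
SAMPLE_DER = b"\x30\x0c" + b"\x02\x01\x01" + b"\x04\x07" + b"example"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# Same block with the tail of the DER missing, as a partial copy/paste would produce.
TRUNCATED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER[:-4])
# Constructed s_client output; dc01.domain.com is a made-up host name.
SAMPLE_S_CLIENT_OUTPUT = (
    "CONNECTED(00000003)\n"
    "depth=0 CN = dc01.domain.com\n"
    "verify error:num=18:self signed certificate\n"
    "---\nCertificate chain\n 0 s:CN = dc01.domain.com\n   i:CN = dc01.domain.com\n"
    + SAMPLE_PEM
    + "---\nServer certificate\nsubject=CN = dc01.domain.com\n"
)


def main(argv: list[str]) -> None:
    # Usage: python fetch_dc_cert.py <dc-host>        (fetch live over 636)
    #        openssl s_client -connect dc:636 </dev/null | python fetch_dc_cert.py
    if len(argv) > 1:
        pem = fetch_ldaps_cert(argv[1])
    else:
        certs = extract_pem_certs(sys.stdin.read())
        if not certs:
            sys.exit("no certificate block found in input")
        pem = certs[0]
    if not check_pem(pem):
        sys.exit("certificate block is malformed or truncated; copy it again")
    sys.stdout.write(pem)


if __name__ == "__main__":
    main(sys.argv)
```

The length check is the part worth keeping even if you stay with plain openssl: `openssl x509 -in pasted.pem -noout -subject` gives the same assurance that the block you are about to trust is the whole certificate and not a partial copy.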

ksupport
Contributor

Ravi, thank you very much!  Ran the openssl command as you suggested and it printed out the cert.  Copied the cert text into setup wizard and set port to 636.  Worked like a charm.  Thanks again!

Regards,

Bryan

RaviChayanam
VMware Employee

Glad it worked.