VMware Cloud Community
tdubb123
Expert

unable to change Identity source to ldaps

I am trying to change my identity source to AD over LDAP using LDAPS to my DC, but I keep getting the error

Check the network settings and make sure you have network access to the identity source

any idea?


0 Kudos
3 Replies
NathanosBlightc
Commander

Is your DNS infrastructure (AD-Integrated) working correctly? Can you resolve the domain name from another system (for example your client system) without any problem? Regardless of the vCenter server identity source settings, please check that the domain service is working correctly ...

Lastly, check the domain controller's firewall settings! (TCP port 389 must be reachable)

Please mark my comment as the Correct Answer if this solution resolved your problem
0 Kudos
peetz
Leadership

Have you added the correct port number at the end of the ldaps-URL?

Typically it's :636, so e.g.

   ldaps://dc1.example.com:636

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
0 Kudos
Vijay2027
Expert

AD as an LDAPS format: ldaps://hostname:port.

The port is 636 for LDAPS connections. For Active Directory multi-domain controller deployments, the port is 3269 for LDAPS.

From vCSA run the below commands and check if you are able to pull the certificate:

openssl s_client -connect <ldaps hostname>:636 (or)

openssl s_client -connect <ldaps hostname>:3269

0 Kudos
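The URL format and certificate checks suggested in the replies above, combined into one script for the vCSA shell. This is an added example, not code from any poster in the thread; the function names `parse_ldaps_url` and `check_ldaps` are hypothetical, and the `-servername` option and the `openssl x509` summary step go beyond the commands quoted in the thread.

```shell
#!/bin/sh
# Added example: validate an ldaps:// identity-source URL, then pull the
# domain controller's certificate and summarise it.

# parse_ldaps_url URL -> prints "host port"; fails on a wrong scheme or bad port.
# IPv6 literals in brackets are not handled.
parse_ldaps_url() {
    url=$1
    case $url in
        ldaps://*) rest=${url#ldaps://} ;;
        *) echo "not an ldaps:// URL: $url" >&2; return 1 ;;
    esac
    rest=${rest%%/*}                       # drop any path after host:port
    case $rest in
        *:*) host=${rest%:*}; port=${rest##*:} ;;
        *)   host=$rest; port=636 ;;       # no port given: probe the LDAPS default
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port in URL: $url" >&2; return 1 ;;
    esac
    [ -n "$host" ] || { echo "missing host in URL: $url" >&2; return 1; }
    echo "$host $port"
}

# check_ldaps URL -> prints subject, issuer, validity dates and the verify result.
check_ldaps() {
    hp=$(parse_ldaps_url "$1") || return 1
    host=${hp% *}; port=${hp#* }
    # </dev/null closes stdin so s_client exits once the handshake is done.
    out=$(openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>&1)
    cert=$(printf '%s\n' "$out" |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p')
    if [ -z "$cert" ]; then
        # No PEM block: DNS failure, blocked port, or no TLS listener on that port.
        echo "no certificate returned from $host:$port" >&2
        printf '%s\n' "$out" | head -n 5 >&2
        return 2
    fi
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -dates
    printf '%s\n' "$out" | grep 'Verify return code'
    return 0
}

# Usage: sh check_ldaps.sh ldaps://dc1.example.com:636
if [ $# -gt 0 ]; then
    check_ldaps "$1"
fi
```

A return code of 2 means no certificate came back, which points at name resolution, a firewall, or the listener rather than at the identity source settings.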