Troubleshooting the Directory Scanner

Issue: The account of the Directory Scanner instance does not have the required read permissions to the Active Directory or to the deleted objects container.

Solution:

Supply the required permissions.

Issue: A corrupted object exists in the Active Directory.

Solution:

Remove the object or deny the account used by the Directory Scanner read permission to that object. If the corrupt object is a container object, permission is denied for all objects in the container.

SSL Troubleshooting

If you use an SSL connection for the Directory Scanner communication, you might see a message that is related to SSL configuration. Find the problem and solution here.

Issue: Stronger authentication is required

Solution:

Try to connect with SSL with these steps:

  1. Get an SSL certificate from your Domain Controller.
  2. Import the SSL certificate to the Endpoint Security Management server. See sk84620.
  3. Make sure that SSL Enabled is selected for this Directory Scanner instance.

Issue: Wrong SSL Port

Solution:

Change the SSL port or disable SSL. You can do this in the configuration.

Issue: Cannot connect to the domain controller

Solution:

Make sure that an LDAP server is running on the LDAP path of the configured domain controller.

Issue: SSL certificate is not installed

Solution:

or

Configuring DNS for GSS Connections

GSSAPI, Generic Security Service API, is an interface used to access security services. Kerberos is the implementation of GSSAPI used in Microsoft's Windows platform and is supported by Active Directory authentication protocols. During Kerberos authentication, a domain’s KDC (Key Distribution Center) must be found through a DNS request.

The DNS server configured on the Endpoint Security Management Server must be able to resolve names to IP addresses and IP addresses to names for all domains that are scanned by the Directory Scanner. If DNS is not configured properly, the authentication fails.

Make sure that:

To make sure the DNS server is configured correctly for GSSAPI authentication:

  1. On the Endpoint Security Management Server, run: nslookup.
  2. Test name-to-IP resolution for all domain controllers that are used by the Directory Scanner.
  3. Test IP-to-name resolution for all domain controllers that are used by the Directory Scanner.
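
The forward and reverse checks in steps 2 and 3 can be scripted for a list of domain controllers. The following is an added example, not part of the original documentation or the product: `check_dc` and the sample host names and addresses are constructed for illustration, and the sample resolvers stand in for real DNS so the block runs offline.

```python
import socket

def check_dc(fqdn, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return a list of DNS problems for one domain controller (empty = OK)."""
    want = fqdn.lower().rstrip(".")
    try:
        _, _, addrs = forward(fqdn)            # step 2: name -> IP
    except OSError as exc:                     # gaierror and herror are OSErrors
        return [f"{fqdn}: forward lookup failed ({exc})"]
    if not addrs:
        return [f"{fqdn}: forward lookup returned no addresses"]
    problems = []
    for ip in addrs:
        try:
            ptr, aliases, _ = reverse(ip)      # step 3: IP -> name
        except OSError as exc:
            problems.append(f"{fqdn}: no reverse record for {ip} ({exc})")
            continue
        # The reverse answer must lead back to the name that was looked up.
        names = {n.lower().rstrip(".") for n in (ptr, *aliases)}
        if want not in names:
            problems.append(f"{fqdn}: {ip} resolves back to {ptr}")
    return problems

# Constructed sample records (not from the page) so the example runs offline.
SAMPLE_A = {"dc1.corp.example": ["192.0.2.10"],
            "dc2.corp.example": ["192.0.2.11"],
            "dc3.corp.example": ["192.0.2.12"]}
SAMPLE_PTR = {"192.0.2.10": "dc1.corp.example",
              "192.0.2.11": "oldhost.corp.example"}   # stale PTR record

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "name not found")
    return name, [], SAMPLE_A[name]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "host not found")
    return SAMPLE_PTR[ip], [], [ip]

if __name__ == "__main__":
    for dc in ("dc1.corp.example", "dc2.corp.example",
               "dc3.corp.example", "dc9.corp.example"):
        issues = check_dc(dc, sample_forward, sample_reverse)
        print(dc, "OK" if not issues else issues)
```

On the Endpoint Security Management Server, call `check_dc` with only the fully qualified name of each domain controller so that it uses the system resolver instead of the sample data.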