Trouble Linking to Active Directory

praf8472
Comes here often

Hi,

We already have 1 network with mobile devices and a connection to AD setup via a Windows server with the Meraki Systems Manager Agent on it.

We're trying to set up a new network. I've got another Windows Server 2019 set up with the Meraki Systems Manager Agent on it and it's enrolled in the network. The problem is I can't get the server to show a green tick under Systems Manager > General > End User authentication settings.

I've chosen Active Directory: Use your own Active Directory server

I've entered the email domain

I've filled in all the other fields like we have in our other network but when I select the gateway I get the following error:

ldap_bind: Can't contact LDAP server

I've checked and the WMI server is running.

The server and the user I've entered have access to AD.

We're using port 3268

The server is not a domain controller, but in our other network the server is not a domain controller either; it just has the AD DS and AD LDS Tools installed.

Plus the other server that works is Windows 2016, if that makes any difference.

I'm just wondering what I'm missing.

Hope that makes sense and someone can help.

Thanks

8 REPLIES
PhilipDAth
Kind of a big deal

Does the AD controller have a certificate installed on it?

praf8472
Comes here often

Hi,

Sorry, I've not installed any certificate on the server. Which certificate does it need to have installed?

PhilipDAth
Kind of a big deal

praf8472
Comes here often

Hi,

Does this work with a wildcard certificate?

PhilipDAth
Kind of a big deal

I don't know for sure - but it should.
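As an added diagnostic (not from this thread or from Meraki), the script below checks the two things a "Can't contact LDAP server" bind error usually comes down to before any credentials are involved: whether the Global Catalog ports (3268 plain, 3269 LDAPS) are reachable from the host running it, and, for 3269, whether the certificate the server presents chains to the local trust store and has a DNS name (wildcard or exact) covering the hostname you configured. The hostname `gc.example.local` is a placeholder; run it from the Systems Manager agent server with your own AD host as the first argument.

```python
"""Connectivity and certificate-name check for an AD Global Catalog host (stdlib only)."""
import socket
import ssl
import sys

GC_PLAIN, GC_SSL = 3268, 3269  # Global Catalog: plain LDAP / LDAP over TLS


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes, which is what ldap_bind needs first."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def name_covered(cert_names, host):
    """RFC 6125-style check: exact match, or a single-label wildcard in the leftmost position."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                      # ".example.com"
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:         # wildcard covers exactly one label
                return True
    return False


def tls_cert_names(host, port=GC_SSL, timeout=3.0):
    """Handshake with chain validation against the OS trust store; return the cert's DNS SANs."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                     # name match is reported separately below
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def diagnose(host):
    """Return one finding per check as plain strings."""
    findings = [f"tcp {host}:{p} " + ("open" if tcp_reachable(host, p) else "unreachable")
                for p in (GC_PLAIN, GC_SSL)]
    try:
        names = tls_cert_names(host)
        verdict = "cover" if name_covered(names, host) else "do NOT cover"
        findings.append(f"tls cert names {names} {verdict} {host}")
    except ssl.SSLError as exc:                    # untrusted chain, no cert, or no TLS on 3269
        findings.append(f"tls handshake failed: {exc}")
    except OSError as exc:
        findings.append(f"tls connect failed: {exc}")
    return findings


if __name__ == "__main__":
    print("\n".join(diagnose(sys.argv[1] if len(sys.argv) > 1 else "gc.example.local")))
```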

PaulF
Meraki Employee

The reason that you're not getting a tick, BUT it may be working, is because the MX is probably NOT on the same subnet.

Right at the top of: https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...

Currently, Active Directory-based authentication works only if one of the following is true:

  • The Domain Controller is in a VLAN configured on the appliance
  • The Domain Controller is in a subnet for which a static route is configured on the appliance
  • The Domain Controller is accessible through the VPN.
PhilipDAth
Kind of a big deal

This is in the "Mobile Device Management" forum ... so I think it is talking about Systems Manager AD Configuration.

https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication#Active_Directory_... 

You're absolutely right, @PhilipDAth, thanks for pointing that out...

"The server is not a domain controller but in our other network the server is not a domain controller, it just has the AD DS and AD LDS Tools installed."

This may, however, be the crux of the issue...
