Active Directory integration

SOLVED
Getting noticed

Active Directory integration

Hi all,

So, I'm trying to set up AD integration on our MX84. I have created a certificate that has all the settings laid out in https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Active_Directory_Integra...

The cert is located in the Trusted store. 

When I go to the AD part of the portal, I put in my info, so if my domain is domain.com, I put domain in the short domain field, the IP of my DC in the IP field, administrator for the domain admin field and then the password. I get the error: ldap_start_tls: Server is unavailable

Any ideas on this? Am I missing a step?

1 ACCEPTED SOLUTION

Accepted Solutions
Getting noticed

Re: Active Directory integration

I added the cert to the trusted store and I found out that I was putting in the wrong info into the portal. I thought that if my domain controller was, say, dc1.domain.com, the short domain would be domain because that is the actual domain name. But I had to put the name of the DC in. Doesn't make sense in my eyes... So once I made that change, it worked.


13 REPLIES
Kind of a big deal

Re: Active Directory integration

I assume you saw this from your link:

ldap_start_tls: Server is Unavailable

Error Description - The MX uses TLS to secure the LDAP connection to the domain controller. This error indicates the MX received an Error initializing TLS response from the domain controller when attempting to establish TLS.

Error Solution: To resolve issues with TLS, please verify the following:

  • The domain controller has a valid certificate installed. 
  • The domain controller supports STARTTLS. Since the MX does not support LDAP over SSL, it uses STARTTLS instead.
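Both bullets can be checked from any host that can reach the DC on TCP 389, before changing anything in the dashboard. The probe below is an added example, not code from this thread or from Meraki; it uses only the Python standard library. `dc1.example.com` is a placeholder for your own DC, and `ca_file` is an optional path to the CA certificate you expect the DC's certificate to chain to: pass it to approximate the validation the MX does against its trusted store, leave it out and the probe skips validation and just reports the certificate it was shown. A non-zero LDAP resultCode (52 is `unavailable`, the code behind "Server is unavailable") means the DC refused StartTLS before any TLS handshake happened, which points at the first bullet; a handshake error with a CA file supplied points at the chain or the name in the certificate.

```python
"""LDAP StartTLS probe (added example; not from the thread or Meraki).

Sends the StartTLS extended operation on TCP 389, reports the DC's LDAP
result, then wraps the socket in TLS and reports the certificate it presents.
Standard library only. "dc1.example.com" is a placeholder.
"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511

# LDAP resultCode values a StartTLS attempt commonly returns (RFC 4511 s.4.1.9)
RESULT_NAMES = {
    0: "success",
    1: "operationsError",
    2: "protocolError",
    52: "unavailable",          # the code behind "Server is unavailable"
    53: "unwillingToPerform",
}


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, value):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    msg_id = ber_tlv(0x02, bytes([message_id]))
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))
    return ber_tlv(0x30, msg_id + ext_req)


def parse_tlv(buf, pos=0):
    """Decode one TLV at buf[pos]; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_starttls_response(data):
    """Return (resultCode, name, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = parse_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = parse_tlv(body)            # skip messageID
    tag, ext, _ = parse_tlv(body, pos)
    if tag != 0x78:                        # ExtendedResponse [APPLICATION 24]
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, code_bytes, pos = parse_tlv(ext)    # resultCode ENUMERATED
    _, _, pos = parse_tlv(ext, pos)        # matchedDN (ignored)
    _, diag, _ = parse_tlv(ext, pos)       # diagnosticMessage
    code = int.from_bytes(code_bytes, "big")
    return code, RESULT_NAMES.get(code, "other"), diag.decode("utf-8", "replace")


def recv_ldap_message(sock):
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = sock.recv(2)
    if len(head) < 2:
        raise ConnectionError("connection closed before any LDAP response")
    if head[1] & 0x80:
        extra = sock.recv(head[1] & 0x7F)
        head += extra
        length = int.from_bytes(extra, "big")
    else:
        length = head[1]
    body = b""
    while len(body) < length:
        chunk = sock.recv(length - len(body))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        body += chunk
    return head + body


def probe(host, port=389, ca_file=None, timeout=5.0):
    """Send StartTLS, then attempt the TLS handshake; return a report dict."""
    report = {"host": host}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        code, name, diag = parse_starttls_response(recv_ldap_message(sock))
        report.update(result_code=code, result=name, diagnostic=diag)
        if code != 0:
            return report                  # DC refused StartTLS: no handshake to inspect
        ctx = ssl.create_default_context(cafile=ca_file)
        if ca_file is None:
            # No trust anchor given: skip validation so the certificate can still be seen
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        try:
            tls = ctx.wrap_socket(sock, server_hostname=host)
        except ssl.SSLError as exc:        # chain, name or protocol problem
            report.update(handshake=False, error=str(exc))
            return report
        with tls:
            der = tls.getpeercert(binary_form=True)
            report.update(handshake=True, chain_verified=ca_file is not None,
                          tls_version=tls.version(), cipher=tls.cipher()[0],
                          peer_cert_pem=ssl.DER_cert_to_PEM_cert(der))
    return report


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "dc1.example.com"  # placeholder DC
    print(json.dumps(probe(target, ca_file=sys.argv[2] if len(sys.argv) > 2 else None), indent=2))
```

Run it as `python probe.py dc1.domain.com path/to/ca.pem`; the PEM it prints can be fed to `openssl x509 -noout -text` to confirm the subject or SAN matches the DC name and that the certificate carries the Server Authentication usage.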
Getting noticed

Re: Active Directory integration

@BrechtSchamp wrote:

I assume you saw this from your link:

ldap_start_tls: Server is Unavailable

Error Description - The MX uses TLS to secure the LDAP connection to the domain controller. This error indicates the MX received an Error initializing TLS response from the domain controller when attempting to establish TLS.

Error Solution: To resolve issues with TLS, please verify the following:

  • The domain controller has a valid certificate installed. 
  • The domain controller supports STARTTLS. Since the MX does not support LDAP over SSL, it uses STARTTLS instead.

Yes. I may have missed something, but not sure how or what.

Kind of a big deal

Re: Active Directory integration

All right. I just wanted to make sure. Unfortunately I have no personal experience with configuring AD so I can't help you further. Maybe one of the other members will be able to help.

New here

Re: Active Directory integration

Hi BrechtSchamp,

Can you point me to instructions on installing proper cert on Domain Controller?  My AD server does not have IIS so I am not finding info on certificate install.  Do I need to create it on RapidSSL and then drop in the personal store?

Getting noticed

Re: Active Directory integration

Can you not install IIS on your domain controller? Or on another server?

New here

Re: Active Directory integration

I would rather not install IIS on a DC as it is not a best practice. I do have IIS on another server. So I can create the cert there and then drop it into the personal store on the DC? Is there a step-by-step guide, because I don't understand how to get the cert to meet Meraki's requirement of having a private key.

Getting noticed
New here

Re: Active Directory integration

Thank you very much. That did the trick. I also noticed I had to use the Domain\username format in the domain admin box on the Meraki dashboard.

Kind of a big deal

Re: Active Directory integration

The certificate should be located in the machine personal store.

Getting noticed

Re: Active Directory integration

@PhilipDAth wrote:

The certificate should be located in the machine personal store.

I added it to the personal store and I still got the same error.

Kind of a big deal

Re: Active Directory integration

Try giving the AD controller a reboot.

If the issue is still happening then it is probably something wrong with the certificate.


Kind of a big deal

Re: Active Directory integration

Thanks for following up!
