Meraki

Community

Active Directory integration

Solved
TL_Arwen
Getting noticed
‎Mar 7 2019 8:33 AM
‎Mar 7 2019 8:33 AM

Active Directory integration

Hi all,

 

So, I'm trying to setup AD integration on our MX84. I have created a Certificate that has all the settings lined out in https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Active_Directory_Integra...

The cert is located in the Trusted store. 

When I go to the AD part of the portal, I put in my info so if my domain is domain.com, i put domain in the short domain field, the IP of my DC in the IP field, administrator for the domain admin field and then the password. I get the error: ldap_start_tls: Server is unavailable

Any ideas on this? Am I missing a step?

0 Kudos
1 Accepted Solution
TL_Arwen
Getting noticed
‎Mar 11 2019 7:52 AM
‎Mar 11 2019 7:52 AM

I added the cert to the trusted store and I found out that I was putting in the wrong info into the portal. I thought that if my domain controller was say dc1.domain.com the short domain would be domain because that is the actual domain name. but I had to put the name of the DC in. Doesn't make sense in my eyes... So once I made that change, it worked.

View solution in original post

13 Replies 13
BrechtSchamp
Kind of a big deal
‎Mar 7 2019 8:47 AM
‎Mar 7 2019 8:47 AM

I assume you saw this from your link:

ldap_start_tls: Server is Unavailable

Error Description - The MX uses TLS to secure the LDAP connection to the domain controller. This error indicates the MX received an Error initializing TLS response from the domain controller when attempting to establish TLS.

Error Solution: To resolve issues with TLS, please verify the following:

  • The domain controller has a valid certificate installed. 
  • The domain controller supports STARTTLS. Since the MX does not support LDAP over SSL, it uses STARTTLS instead.
0 Kudos
In response to BrechtSchamp
TL_Arwen
Getting noticed
‎Mar 7 2019 8:50 AM
‎Mar 7 2019 8:50 AM

@BrechtSchamp wrote:

I assume you saw this from your link:

ldap_start_tls: Server is Unavailable

Error Description - The MX uses TLS to secure the LDAP connection to the domain controller. This error indicates the MX received an Error initializing TLS response from the domain controller when attempting to establish TLS.

Error Solution: To resolve issues with TLS, please verify the following:

  • The domain controller has a valid certificate installed. 
  • The domain controller supports STARTTLS. Since the MX does not support LDAP over SSL, it uses STARTTLS instead.

Yes. I may have missed something, but not sure how or what.

In response to TL_Arwen
BrechtSchamp
Kind of a big deal
‎Mar 7 2019 1:39 PM
‎Mar 7 2019 1:39 PM

All right. I just wanted to make sure. Unfortunately I have no personal experience with configuring AD so I can't help you further. Maybe one of the other members will be able to help.

0 Kudos
In response to BrechtSchamp
crice011
New here
‎Nov 27 2019 6:22 AM
‎Nov 27 2019 6:22 AM

Hi BrectSchamp,

 

Can you point me to instructions on installing proper cert on Domain Controller?  My AD server does not have IIS so I am not finding info on certificate install.  Do I need to create it on RapidSSL and then drop in the personal store?

0 Kudos
In response to crice011
TL_Arwen
Getting noticed
‎Nov 27 2019 7:51 AM
‎Nov 27 2019 7:51 AM

Can you not install iis on your domain controller? Or on another server?

0 Kudos
In response to TL_Arwen
crice011
New here
‎Nov 27 2019 8:15 AM
‎Nov 27 2019 8:15 AM

I would rather not install IIS on DC as it is not a best practice.  I do have IIS on another server.  So I can create the cert there and then drop it into the personal store on the DC?  Is there a step by step guide because I don't understand how to get the cert to meet meraki's requirements of having a private key.

0 Kudos
In response to crice011
TL_Arwen
Getting noticed
‎Nov 27 2019 9:00 AM
‎Nov 27 2019 9:00 AM

Create cert: https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html

Migrate cert to AD server:

https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-...

In response to TL_Arwen
crice011
New here
‎Nov 27 2019 11:57 AM
‎Nov 27 2019 11:57 AM

Thank you very much.  That did the trick.  I also noticed I had to have Domain\username format in the domain admin box on meraki dashboard

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 7 2019 1:59 PM
‎Mar 7 2019 1:59 PM

The certificate should be located in the machine personal store.

0 Kudos
In response to PhilipDAth
TL_Arwen
Getting noticed
‎Mar 7 2019 2:01 PM
‎Mar 7 2019 2:01 PM

@PhilipDAth wrote:

The certificate should be located in the machine personal store.

I added it to the personal store and I still got the same error.

0 Kudos
In response to TL_Arwen
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 7 2019 2:02 PM
‎Mar 7 2019 2:02 PM

Try giving the AD controller a reboot.

 

If the issue is still happening then it is probably something wrong with the certificate.

0 Kudos
TL_Arwen
Getting noticed
‎Mar 11 2019 7:52 AM
‎Mar 11 2019 7:52 AM

I added the cert to the trusted store and I found out that I was putting in the wrong info into the portal. I thought that if my domain controller was say dc1.domain.com the short domain would be domain because that is the actual domain name. but I had to put the name of the DC in. Doesn't make sense in my eyes... So once I made that change, it worked.

In response to TL_Arwen
BrechtSchamp
Kind of a big deal
‎Mar 11 2019 1:24 PM
‎Mar 11 2019 1:24 PM

Thanks for following up!

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.