Active directory integration fails, can't refresh LDAP groups

TheDL
New here

We're setting up new MX gateways for an SD-WAN deployment. We have a requirement to apply custom content filters based on Active Directory group membership. We're trying to set up Active Directory authentication, and the status indicator next to the Active Directory servers has the green check mark; however, the LDAP groups never refresh. We're not getting anywhere with Meraki support, and we have followed the documentation found online to no avail. Has anyone else run into this, or have a suggestion?

PhilipDAth
Kind of a big deal

I've not had that issue.  If you get a green ticket you are usually away.

 

Anything appearing in the Windows event log on the AD controllers?  Specifically errors when the MXs attempt to retrieve the groups?

 

Is the account being used a domain admin?

 

If you use ldapsearch, are you able to run a query like the below to manually retrieve the list of groups?

(objectCategory=group) 
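
Added example, not part of the original thread: one way to run the group query suggested above with OpenLDAP's `ldapsearch` over LDAPS, plus helpers to count and list the groups in the returned LDIF. The host, bind account, base DN and port 636 are placeholder assumptions, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example. Every hostname, account and DN here is a placeholder.

# Ask a domain controller for all group objects over LDAPS, using the
# filter from the post above. Usage (placeholders):
#   list_ad_groups dc01.example.com svc-ldap@example.com DC=example,DC=com
list_ad_groups() {
    dc_host=$1            # domain controller FQDN (must match its certificate)
    bind_dn=$2            # account the appliance binds with (UPN or DN)
    base_dn=$3            # search base, e.g. the domain root
    port=${4:-636}        # assumed standard LDAPS port
    # -W prompts for the password so it never lands in shell history.
    # -E pr=1000/noprompt pages results; AD caps a page at 1000 by default.
    # -o ldif-wrap=no keeps each attribute on one line for easy parsing.
    ldapsearch -LLL -o ldif-wrap=no \
        -H "ldaps://${dc_host}:${port}" \
        -D "$bind_dn" -W \
        -b "$base_dn" -s sub \
        -E pr=1000/noprompt \
        '(objectCategory=group)' cn
}

# Count entries in LDIF read from stdin ("dn:" plain or "dn::" base64).
count_groups() {
    awk '/^dn::? /{n++} END{print n+0}'
}

# Print the plain-text cn of each group in LDIF read from stdin.
group_names() {
    sed -n 's/^cn: //p'
}

# Constructed sample of what a successful query returns.
SAMPLE_LDIF='dn: CN=Staff,OU=Groups,DC=example,DC=com
cn: Staff

dn: CN=Students,OU=Groups,DC=example,DC=com
cn: Students
'
# Offline check of the helpers:
#   printf '%s' "$SAMPLE_LDIF" | count_groups    # 2
# Live check against a DC:
#   list_ad_groups dc01.example.com svc-ldap@example.com DC=example,DC=com | count_groups
```

A count of zero with a successful bind points at the search base or the account's read permissions rather than at connectivity; a TLS or bind error points at the certificate or credentials instead.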

 

TheDL
New here

Thanks for the quick reply, Philip. Yes, we get the green check mark. I forgot to mention, on the clients page I do see that users are being identified; it's just that the list of AD groups never populates when we hit "refresh ldap groups". I'm not familiar with ldapsearch, but I can give it a go. We did try ldp.exe and it seems we're able to connect to LDAP over SSL. No idea where we're going wrong here. Checked the event viewer on the domain controllers, didn't see anything that seemed related to this. Checked the event log on the Meraki appliance, and other than 'connected to domain controller' I don't see any messaging related to this process.

TheDL
New here

Also, yes we're using a domain admin account.
TheDL
New here

Also worth noting: the green status check mark is intermittent. When no changes have been made it will occasionally display a red X or amber !, but later (after a page refresh) it displays the green check again.

Griz
Conversationalist

Since the error is intermittent, you might try this page: https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Active_Directory_...

and check the section "WMI Error".
