
ADSI connector issues

GauravJain
Regular Contributor

Hi - We are trying to set up the ADSI connector after performing all prerequisites as mentioned in the document Preparing for Integration (saviyntcloud.com).

When we click on "Save & Test Connection" button available on ADSI connector, we see below error message in logs - highlighted in bold.

ecm integration.ExternalConnectionCallService http-nio-8080-exec-3-j8995 DEBUG in testExternalConnection for External Connection : ADReconConnection
ecm adsi.SaviyntGroovyADSIService http-nio-8080-exec-3-j8995 DEBUG Connection is 61:: ADReconConnection
ecm services.HttpClientUtilityService http-nio-8080-exec-3-j8995 DEBUG before calling executeRequestWithHeaders for api...
ecm services.HttpClientUtilityService http-nio-8080-exec-3-j8995 DEBUG isFipsEnabled = false
ecm services.HttpClientUtilityService http-nio-8080-exec-3-j8995 DEBUG getHttpClient - proxyParams : null
ecm services.HttpClientUtilityService http-nio-8080-exec-3-j8995 DEBUG getHttpClient - sslSocketFactory : null
ecm services.HttpClientUtilityService http-nio-8080-exec-3-j8995 DEBUG getHttpClient - HttpClientBuilder.create().build() called.
ecm services.HttpClientUtilityService http-nio-8080-exec-3-j8995 DEBUG called executePostRequestWithHeaders for api...
ecm services.HttpClientUtilityService http-nio-8080-exec-3-j8995 DEBUG after calling executeRequestWithHeaders for api...
ecm adsi.SaviyntGroovyADSIService http-nio-8080-exec-3-j8995 DEBUG Error : [error:Error null]
ecm integration.ExternalConnectionCallService http-nio-8080-exec-3-j8995 DEBUG EXIT invokeExternalMethod

In ADSI connector we have configured all required parameters like:

SSL certificate, URL, USERNAME (with least permissions - didn't grant Domain administrator or Enterprise admin group access), PASSWORD, CONNECTION_URL & FORESTLIST.

URL = LDAP://{IP address of root server}:443 (not sure if we can use an IP address instead of a host name in the URL)

Please let me know if you require any further information on this issue.

Please find some more information on above issue:

I had configured CONNECTION_URL wrongly like this: {IP address of root server}/api/v1/discovery, which was later replaced by this: "https://{IP address of root server}:443/api/v1/discovery".

Now I see the following error in the logs:

Error : [headers:[Content-Type: text/html; charset=us-ascii, Server: Microsoft-HTTPAPI/2.0, Date: Tue, 05 Mar 2024 12:35:42 GMT, Connection: close, Content-Length: 315], responseText:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
, cookies:[], statusCode:404]

Regards

Gaurav

[This message has been edited by moderator to merge reply comment]


sudeshjaiswal
Saviynt Employee

Hello @GauravJain,

May I know why you are using port 443?

The correct connection URL should be:
SSL Connection (With Certificate)
URL: LDAP://winServerDC01.abc.mycompany.com:636

Non-SSL Connection (Without Certificate)
URL: LDAP://winServerDC01.abc.mycompany.com:389


Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Yes, there was some confusion w.r.t. the port number. I will change the URL and port number to retry and revert if there are any further issues.

Please confirm, can we use an IP address instead of the actual host name in the URL as you have mentioned? Like LDAP://xx.xxx.xxx.xxx:636

Thanks

Gaurav

Hi @sudeshjaiswal, I have configured the following URLs in the ADSI connector but am still getting some error.

URL - LDAP://{IP address of primary domain}:636

CONNECTION_URL - https://{ADSI agent server ip address}:443/api/v1/discovery

ERROR

2024-03-15T12:36:11+05:30-ecm-services.HttpClientUtilityService-http-nio-8080-exec-8-zcwzm-DEBUG-getHttpClient - proxyParams : null
2024-03-15T12:36:11+05:30-ecm-services.HttpClientUtilityService-http-nio-8080-exec-8-zcwzm-DEBUG-getHttpClient - sslSocketFactory : null
2024-03-15T12:36:11+05:30-ecm-services.HttpClientUtilityService-http-nio-8080-exec-8-zcwzm-DEBUG-getHttpClient - HttpClientBuilder.create().build() called.
2024-03-15T12:36:11+05:30-ecm-services.HttpClientUtilityService-http-nio-8080-exec-8-zcwzm-DEBUG-called executePostRequestWithHeaders for api...
2024-03-15T12:36:11+05:30-ecm-services.HttpClientUtilityService-http-nio-8080-exec-8-zcwzm-DEBUG-after calling executeRequestWithHeaders for api...
2024-03-15T12:36:11+05:30-ecm-adsi.SaviyntGroovyADSIService-http-nio-8080-exec-8-zcwzm-DEBUG-Error : [error:Error Connection reset]
2024-03-15T12:36:11+05:30-ecm-integration.ExternalConnectionCallService-http-nio-8080-exec-8-zcwzm-DEBUG-EXIT invokeExternalMethod

Please let me know if you require any further information.

sudeshjaiswal
Saviynt Employee

Hello @GauravJain,

Is a valid SSL certificate present? If not, please add one.
Else try to connect via port 389.
Non-SSL Connection (Without Certificate)
URL: LDAP://winServerDC01.abc.mycompany.com:389


Thanks.


Hi @sudeshjaiswal, I have tried with both the secure (including a certificate) and non-secure URL but am getting the same error. Also, I don't see Saviynt printing the URL value in the logs, strange.

Secondly, is it mandatory to have a hostname in the URL, instead of using "ipaddress:port number"?

Let me know if you require any further information to debug this issue.

Regards

Gaurav

 

sudeshjaiswal
Saviynt Employee

Hello @GauravJain,

Yes, it is always the best practice to use the hostname in the URL; the DNS should be configured properly to use the hostname.

Also share what you see in the logs.

Thanks.  


OK. In our environment, we may not be able to use hostnames as of now, but it's not mandatory so that's not a concern.

Would you be able to see the logs on this ticket INC-2022445? If not, I will share them on the forum. Please let me know.

sudeshjaiswal
Saviynt Employee

Hello @GauravJain,

It appears there might be a connectivity issue. I would request you to revisit the prerequisites of the configuration as per the document.

Cross-validate that the connectivity between the IIS server, Certificate, URL, Password, Vault and CONNECTION_URL are correct.

https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Configuring-the-Integration-for-Importin... 

Thanks.



Hi @sudeshjaiswal, it seems the Saviynt connector is not even reaching our AD environment, because when I use an incorrect username or password, I still get the same error "error:Error Connection reset". Also, no logs are generated in the ADSI agent folder on the AD server.

sudeshjaiswal
Saviynt Employee

Hello @GauravJain,

Can you try to install the latest ADSI Agent from the Saviynt Document Artifact and try again?
PFA screenshot for reference: [screenshot: sudeshjaiswal_0-1710904667274.png]


Thanks.


Sure, will do and revert with findings if any.

Hi @sudeshjaiswal 

We have installed the latest ADSI agent and re-verified all the prerequisites for the ADSI connector.
As of now, we have just granted read-only access to the service account because we are still trying to just establish a connection with AD from Saviynt.
PFA log file on support ticket #INC-2022445. Following is the error message:
 
 
Error : [headers:[Cache-Control: no-cache, Pragma: no-cache, Content-Type: application/json; charset=utf-8, Expires: -1, Server: Microsoft-IIS/10.0, X-AspNet-Version: 4.0.30319, X-Powered-By: ASP.NET, Date: Wed, 27 Mar 2024 09:35:42 GMT, Content-Length: 273], responseText:{
  "version": null,
  "status": "Failure",
  "message": "Authentication failed.",
  "messageCodes": "API_ERR_00004",
  "errorDetails": "API_ERR_00004 : -2146233088 : Could not connect to connection string LDAP://{IP_Address}:636 : The server is not operational."
}, cookies:[], statusCode:400]
 
 
  • We have verified from the backend that the server is operational and we are able to connect to that server using the credentials as configured in the ADSI connector.
  • We have already opened firewall ports to this host "{IP_ADDRESS}:636" and confirmed connectivity between SC client and AD - working fine.
  • Is the password policy not accepting the password we are using? Just observed a couple of log lines on password policy, hence this doubt.

Please let me know if you require any further inputs from my end to debug this issue further.
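
Added example, not part of the thread and not Saviynt code: the four error payloads posted above each stop at a different hop, and this Python script tells them apart by whether an HTTP response came back, which `Server` header answered, and whether the agent reported an LDAP failure. The hop labels, hints and shortened sample strings are constructed for illustration.

```python
import re

# Hop model assumed from the thread: Saviynt ECM -> HTTPS (CONNECTION_URL) -> ADSI agent
# on IIS -> LDAP/LDAPS (URL) -> domain controller. Labels and hints are this example's own.
def classify(error_text):
    """Map one 'Error : [...]' payload to (failing_hop, hint)."""
    status = re.search(r"statusCode:(\d{3})", error_text)
    if not status:
        # No HTTP response was received, so the agent's code never ran.
        if "Connection reset" in error_text:
            return ("saviynt->agent transport",
                    "TCP/TLS session to CONNECTION_URL was reset; check port, TLS and network path")
        return ("saviynt->agent request",
                "no response object; check CONNECTION_URL scheme, host and path")
    code = int(status.group(1))
    server = re.search(r"Server: ([^,\]]+)", error_text)
    srv = server.group(1).strip() if server else "unknown server"
    if code == 404 and srv.startswith("Microsoft-HTTPAPI"):
        # HTTP.sys answered by itself: nothing on that host is registered for the path.
        return ("agent host, no matching site",
                "host reached, but no IIS application serves this path; check host and path")
    ldap = re.search(r"Could not connect to connection string (LDAPS?://[^\s\"]+)",
                     error_text, re.IGNORECASE)
    if srv.startswith("Microsoft-IIS") and ldap:
        # The agent ran and reported its own failure towards the directory.
        return ("agent->domain controller",
                f"agent answered HTTP {code}; its connection to {ldap.group(1)} failed")
    return ("unclassified", f"HTTP {code} from {srv}")

# Constructed samples: shortened copies of the four payloads posted in the thread.
SAMPLES = {
    "first test": "[error:Error null]",
    "after URL fix": "[headers:[Content-Type: text/html; charset=us-ascii, "
                     "Server: Microsoft-HTTPAPI/2.0, Connection: close], "
                     "responseText:<HTML>Not Found</HTML>, cookies:[], statusCode:404]",
    "port 636": "[error:Error Connection reset]",
    "new agent": '[headers:[Content-Type: application/json; charset=utf-8, '
                 'Server: Microsoft-IIS/10.0], responseText:{"errorDetails": '
                 '"API_ERR_00004 : -2146233088 : Could not connect to connection string '
                 'LDAP://{IP_Address}:636 : The server is not operational."}, '
                 'cookies:[], statusCode:400]',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        hop, hint = classify(text)
        print(f"{name}: {hop} ({hint})")
```

Read this way, the last payload shows the Saviynt-to-agent hop now works and the remaining failure is between the ADSI agent server and the directory on port 636.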