Directory Wizards Inc.

Solutions For Your Directory Needs


Could Not Connect, Invalid Credentials, Bad Username/ID/Password

Category: Troubleshooting

Last Updated: 2011-08-04

 


 


A Test Connection, Discovery, or Sync run fails with an error.

Could Not Connect

Could Not Connect means the server could not be reached. This is generally a physical connectivity/firewall/port issue.

Could Not Authenticate
Invalid Credentials
Bad Username ID / Password

These types of errors mean the function has successfully reached the target server, but LDAP authentication to the server has failed. The most common causes of this problem are as follows (generally in this order):

For any Directory Type:

  1. Verify there are no typos in the LDAP Connection Information (IP, port, name, password).
  2. Verify server setup has been performed per the help file (Configuring Directory Servers).

If this is an AD/Exchange 200x directory server:

  1. Verify you are pointing to the IP of a Domain Controller (not an Exchange 200x server).
  2. Verify that your LDAP server is not configured for Strong Authentication. UnitySync does not support strong authentication (Required Signing). Reconfigure LDAP authentication on the Exchange 200x server so Signing is not required.
  3. Verify you are using the Login ID as it appears in the 'Account' tab of the AD User's properties (User Logon Name).
  4. Try the TESTS below and provide the results to Support@dirwiz.com.
  5. Use the recommended Login ID format, Name@domain.com.
    (If 'TEST' is successful, but Sync fails with a bad name/pw error, the format is likely to blame!)

If this is an Exchange 5.5 directory server:

  1. Verify whether the Ex55 server is loaded on an Active Directory server. If it is, AD owns port 389. You will have to reconfigure the LDAP port on Ex55 at the site and server level. Then specify the new port in the UnitySync configuration.
  2. Make sure the Exchange Service Account has rights to 'act as part of the operating system' (this is the default, but we've seen cases where this was removed, causing LDAP authentication errors).

    Start > Programs > Admin Tools > Local Security Policy > Security Settings > Local Policies > User Rights Assignment: "Act As Part of the Operating System"
     
  3. Try changing the IP to that of another Ex55 server in the domain. (You can successfully do TEST connection without a key change.  In order to run a Sync against the alternate Ex55 server, you will need to request a new key.)
  4. If this is an Exchange 5.5 server with SP4, in rare circumstances Ex55 SP4 does not install properly and will not allow LDAP authentications. To fix this, SP4 must be reinstalled.
  5. Try the TESTS below and provide the results to Support@dirwiz.com.


More troubleshooting tests for any directory type:

Test 1:
From a command prompt on the UnitySync server, execute the following (specify correct IP and port to test):

telnet 1.2.3.4 port

Error: If an error is returned, connectivity to the specified IP/Port is unavailable. This connection must be possible in order for authentication to succeed.

OK: If an empty black screen results, the connection was successfully established.

Test 2:
Below are instructions for performing a simple ldapsearch to verify successful LDAP authentication.

If necessary, download an ldapsearch utility from here and copy it to the UnitySync server. From a command prompt, execute the following:
(Replace the -b, -h, -D, -w and -p parameters with the same values in use by the problematic connection.)

Ex55 Example:
ldapsearch -b "ou=site,o=organization" -h 1.2.3.4 -D "dc=domain,cn=name" -p 389 -w password "(mail=*)" mail

AD Example:
ldapsearch -b "dc=domain,dc=com" -h 1.2.3.4 -D "name@domain.com" -w password "(mail=*)" mail

Notes Example:
ldapsearch -b "ou=organization,o=org" -h 1.2.3.4 -D "cn=Administrator,o=org" -w password "(mail=*)" mail

If the result is an error, you have confirmed a basic inability to query the source directory using the specified port and login.
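
The script below is an added example, not UnitySync or Directory Wizards code. It combines Test 1 and Test 2: it opens the TCP connection, sends an LDAP simple bind with the login and password, and reports which stage failed. The verdict strings and the mapping of result code 8 (strongerAuthRequired in RFC 4511) to the Required Signing case are assumptions of this example; a simple bind carries the password in clear text on a non-TLS port.

```python
import socket

VERDICTS = {0: "OK", 8: "Strong Authentication Required", 49: "Invalid Credentials"}

def tlv(tag, content):  # BER-encode one element: tag, definite length, content
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf, pos=0):  # decode one element; return (tag, content, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(login, password):
    """LDAPv3 simple BindRequest with messageID 1 (RFC 4511, section 4.2)."""
    if not password:  # an empty password is an unauthenticated bind; it proves nothing
        raise ValueError("password must not be empty")
    op = tlv(0x02, b"\x03") + tlv(0x04, login.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, op))

def parse_bind_response(data):  # return (resultCode, diagnosticMessage)
    _, msg, _ = read_tlv(data)
    _, _, p = read_tlv(msg)        # skip messageID
    tag, op, _ = read_tlv(msg, p)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, rc, p = read_tlv(op)        # resultCode (ENUMERATED)
    _, _, p = read_tlv(op, p)      # skip matchedDN
    _, diag, _ = read_tlv(op, p)   # diagnosticMessage
    return int.from_bytes(rc, "big"), diag.decode(errors="replace")

def diagnose(host, port, login, password, timeout=5):
    """Test 1 (TCP connect) then Test 2 (simple bind); name the stage that failed."""
    request = bind_request(login, password)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "Could Not Connect"
    try:
        with sock:
            sock.sendall(request)
            code, _ = parse_bind_response(sock.recv(4096))
    except (OSError, IndexError, ValueError):
        return "Connected, but no LDAP bind reply"
    return VERDICTS.get(code, f"LDAP result code {code}")
```

Call it as diagnose("1.2.3.4", 389, "name@domain.com", "password"), using the same values as the problematic connection.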

Test 3:
Obtain a known good Admin login for this source... Try the UnitySync Test Connection and/or the above ldapsearch test using the known good Admin login account.