Troubleshooting : Troubleshoot Authentication and Directory Services Problems

Troubleshoot Authentication and Directory Services Problems
Missing Fields
If a red error message appears to the right of Directory Configuration area when you click Configure, the information in the fields is incorrect.
No Global Catalog
If the dialog box is empty (you cannot browse), but a red error message does not appear, the Pano Manager cannot communicate with the Domain Controller. To fix this problem, specify the port of the Global Catalog. For example: ldap://10.1.100.1:3268.
By default the Global Catalog runs on port 3268 in unencrypted mode and on 3269 in encrypted mode. Therefore, the URL is ldaps://dirserver1.yourdomain.com:3269 for encrypted mode and ldap://dirserver1.youdomain.com:3268 for unencrypted mode. Consult your Active Directory administrator if the Global Catalog runs on a different server or if it is configured to run on a different port.
If you are convinced that the Active Directory server address is indeed correct, try to enter the Global Catalog server address. [Global Catalog generally runs on port 3286]. If putting in Global Catalog address works, check to see if the Pano Manager is on the same domain as Active Directory domain controller whose address was entered. If not, then change it to same domain.
No service location record
If you receive a “javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]” exception, you might not have a service location record in your DNS Server.
If you have more than one domain controllers, Pano Manager can automatically choose one based on the workload on each domain controllers. However, sometimes this configuration gives this exception if you don’t have a service location record in your DNS server.
To create a service record for your Active Directory:
1.
2.
3.
In Resource Record Type dialog, pick Service Location (SRV), then click Create Record.
4.
In New Resource Record dialog, choose _ldap in Service: drop-down list.
5.
Enter the name of the domain controller in Host offering this service, then click Ok.
6.
No Privileges or No UPN Format
In order to properly establish a relationship between a user and a DVM the user must be able to be authenticated using a complete UPN (User Principal Name) that, in the end, gets passed along as something like the form of username@yourdomain.com.
The portion @domain.com is appended to the user name from information defined in the users account within Active Directory (or your alternate directory services database). If a No UPN error is encountered, do the following:
Check to make sure that an account with adequate credentials is being used within the Directory Configuration portion of your Pano Manager to browse your AD tree and do user lookups and authentication.
Look at the account information in your Active Directory or alternate user database for the username that is being used when you encounter this error. When you (or the system administrator of the Active Directory server) logs in to the directory services to look at this users properties, make sure that a "@yourdomain.com" or "@yourdomain.net" etc is selected for the user so that it can properly be appended to the username during the process of authenticating a user and establishing a session to a DVM. Once this has been done, login via a Pano device using only a username/passwd. There's no need to type in the entire username@domainname.com. Verify that the user is able to log on successfully. To further verify that this completely resolves the issue, log on using alternate users that may have previously failed.
Other failure reasons
To help troubleshoot configuration issues, the host URL and the following Root DSE attributes are written to the log after connecting. If above checks fail then get information about the exception in Pano Manager via the log file (go to Work with Log Files):

Did you find what you're looking for?
v2.5.1