Summary
Some things to consider when installing AD and trying to get it up and running.
There is some excellent documentation regarding the subject matter located here.
Some things to remember:
- The Active Directory Connector needs to be installed in each domain, on a server in the same domain as each Exinda.
- The server must be running .NET Framework 4.0 or later.
- Ensure the logon policy has "Success" enabled in the GPO; if there are GPO conflicts, remove and re-add it.
- Check the configuration and make sure the ports match on the AD Connector and in the Web UI.
- Verify that the Logon Auditing is actually being logged: Domain Controller-->Event Viewer-->Windows Logs-->Security-->Filter Event ID 4624 (or 4625 for an unsuccessful login)
If the Exinda and the AD are for some reason not synchronizing user and group information properly, the best way to troubleshoot is to set up an ExindaAD.log file. This is very easy to do and needs to be done on the Windows Server where the AD Client is installed.
1.- Create a text file with the following XML script:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.diagnostics>
    <switches>
      <!--
        Off      Output no tracing and debugging messages.
        Error    Output error-handling messages.
        Warning  Output warnings and error-handling messages.
        Info     Output informational messages, warnings, and error-handling messages.
        Verbose  Output all debugging and tracing messages.
      -->
      <add name="ADTraceSwitch" value="Verbose" />
    </switches>
  </system.diagnostics>
  <appSettings>
    <!-- You can disable any of the threads (just uncomment) for debug purposes -->
    <!--add key="DisableSOAP" value="yes"/-->
    <!--add key="DisableAD" value="yes"/-->
    <!--add key="DisableEL" value="yes"/-->
    <add key="LogFile" value="c:\Program Files (x86)\Exinda Networks\ExindaAD\ExindaAD.log" />
  </appSettings>
</configuration>
2.- Change the name of the file to: ExindaAD.exe.config (make sure the file is NOT named ExindaAD.exe.config.txt)
3.- Place the file in the same directory where the ExindaAD.exe file (application launcher) is. If you did not change the default values when installed, this directory should be:
c:\Program Files (x86)\Exinda Networks\ExindaAD
4.- Go to services.msc and restart the ExindaAD service.
5.- A new file called ExindaAD.log will be created in the directory above. Please wait for an hour so that the file fills up with logs.
6.- Take the file and email it to Exinda TAC.
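Steps 1 to 5 can be checked from an elevated PowerShell prompt on the server where the connector is installed. The script below is an added example, not Exinda's own tooling. It assumes the default install directory given above and that the Windows service name matches ExindaAD* (confirm the actual name with Get-Service).

```powershell
# Added example. Assumptions: default install directory from this article;
# the service name matches 'ExindaAD*' (confirm with Get-Service).
$dir     = 'C:\Program Files (x86)\Exinda Networks\ExindaAD'
$config  = Join-Path $dir 'ExindaAD.exe.config'
$logFile = Join-Path $dir 'ExindaAD.log'

# Step 2: catch the hidden-extension mistake (ExindaAD.exe.config.txt).
if (Test-Path -LiteralPath "$config.txt") {
    throw "Found $config.txt - rename it to ExindaAD.exe.config"
}
if (-not (Test-Path -LiteralPath $config)) {
    throw "Missing $config"
}

# Step 1: the file must parse as XML (the cast throws if it does not)
# and must contain the trace switch and the LogFile setting.
[xml]$xml = Get-Content -LiteralPath $config -Raw
$switch = $xml.SelectSingleNode("//add[@name='ADTraceSwitch']")
$log    = $xml.SelectSingleNode("//add[@key='LogFile']")
if (-not $switch) { throw 'ADTraceSwitch entry not found in the config file' }
if (-not $log)    { throw 'LogFile entry not found in the config file' }
Write-Output "Trace level: $($switch.value)"
Write-Output "Log file   : $($log.value)"

# Step 4: restart the service so it rereads the configuration.
$svc = Get-Service -Name 'ExindaAD*'
if (-not $svc) { throw "No service matching 'ExindaAD*' was found" }
$svc | Restart-Service
$svc | ForEach-Object { $_.Refresh(); Write-Output "$($_.Name): $($_.Status)" }

# Step 5: confirm the log file appears; it keeps growing while the service runs.
Start-Sleep -Seconds 15
if (Test-Path -LiteralPath $logFile) {
    Get-Item -LiteralPath $logFile | Select-Object FullName, Length, LastWriteTime
} else {
    Write-Warning "No $logFile yet - check the LogFile path and service permissions"
}
```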
Additional Information
Please note: The users and groups added by Active Directory Integration cannot log into the Exinda.
This integration is only for monitoring/controlling the traffic for users and groups.