How to configure AD integration with IGEL UMS?

Hello everyone, I’m working on an IGEL PoC for my company. That really seems to be a great tool! However, I can’t connect to my AD even with my IT infrastructure team’s help.


How could I learn more about that to make it work properly? Thanks

Hello! Glad to hear that!

Do you mean AD login on the UMS Console or on the IGEL OS endpoint?

Bonjour Sebastien,

Exactly! My goal is to use AD Group and assign roles & tasks to the different IT members. Unfortunately, none of our AD connection attempts worked so far and nobody knows why because any other AD connect tool works from that same server. We use the same type of connection, the same AD user accounts, nothing works unfortunately.

Do you have a different UserPrincipalName set in your AD? Then you need to add the suffix to the UPN suffix field in the AD settings. You can add more than one suffix, just put the ; between them. When you log in to the UMS you need to use the UserPrincipalName – which may be different from the syntax samaccountname@domain

Great! So a few first thoughts:

1) you imported the users, after your AD Connection?

2) could you check the list of AD Controllers listed in your configuration window, and remove those which are offline?

3) could you check if the time between AD / UMS / Endpoint is in sync?

4) On logs side: UMS Server: IGEL\RemoteManager\rmguiserver\logs, Catalina

5) which User syntax are you using when logging in? Could you provide a sample user?

Bonjour everyone, I’m going to try to answer all your questions with a simple screenshot.

And if you had any doubt on the user account, yes it has the rights to read/write on that DC

Bonjour! so, beside answers to 3) and 4) I’m assuming that if you click resolve, the same DC is listed, right?

We have dozens of them showing up and the IP address I select is part of this list, yes. I wasn’t sure if the UMS could manage that many DCs so I just left the one I’m sure I need to trust

For what it’s worth, the catalina.log file, even if that shows an actual file modified date, doesn’t have anything in there since last April 29th, which is strange

Dumb question, but disk space is right? How much RAM did you assign?

Reboot of the server already done?

Actually the reboot helped! Not to fix the issue but to refresh the catalina.log file. Here’s what you asked

Not sure if that helps:

Do you see anything in the logs that shows something related to the error codes you mention in your previous url?

Yes, this pre-authentication is invalid row in your log.

Can you try if the user you use in the LDAP settings can log in to your AD from another LDAP client? You can use ldapadmin for that.

Bonjour everyone, thanks for your help. Even if I’m still not able to connect to AD properly, I’ve used my domain join account to be sure it’s not a rights issue whatsoever. Here’s the result.

Catalina.log file still doesn’t show updated logs (the last updates are from 2 days ago). Is there any way to refresh it except restarting the server?

It should get refreshed automatically… Could you try to disable the Antivirus, assuming there is one?

Only the MS Antimalware one. Could it cause any problem?

You may need to access your domain controller using ldaps instead of ldap. I had it changed on our UMS last summer after Microsoft announced changes for the handling of LDAP requests.
