Weird behavior with PWM today.
Everything was working fine until yesterday. Setting up to demo the server to my manager and all of a sudden I get this error:
Directory unavailable. If this error occurs repeatedly please contact your help desk.5017 ERROR_DIRECTORY_UNAVAILABLE (all ldap profiles are unreachable; errors: ["error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldaps://(redacted):636 as CN=(redacted)\\, (redacted),OU=(redacted),OU=(redacted),OU=(redacted),DC=(redacted),DC=(redacted),DC=(redacted) reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839\u0000])"])
-I checked that the service account was OK, that the password hadn't been changed, that I could open a session with it, and that its AD permissions hadn't been altered.
-I made sure my server certs were still valid on both ends.
-Ran the Test-NetConnection PowerShell command to port 636 on each of my domain controllers.
Detailed log entries:
2023-06-09T14:07:15Z, FATAL, ldap.LdapOperationsHelper, check ldap proxy settings: 5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldaps://(redacted):636 as CN=(redacted)\, (redacted),OU=(redacted),OU=(redacted),OU=(redacted),DC=(redacted),DC=(redacted),DC=(redacted) reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839 ]))
2023-06-09T14:07:15Z, ERROR, health.LDAPHealthChecker, error checking configured permission settings:5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldaps://(redacted):636 as CN=(redacted)\, (redacted),OU=(redacted),OU=(redacted),OU=(redacted),DC=(redacted),DC=(redacted),DC=(redacted) reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839 ]))
2023-06-09T14:07:15Z, FATAL, ldap.LdapOperationsHelper, check ldap proxy settings: 5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldaps://(redacted):636 as CN=(redacted)\, (redacted),OU=(redacted),OU=(redacted),OU=(redacted),DC=(redacted),DC=(redacted),DC=(redacted) reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839 ]))
2023-06-09T14:07:15Z, ERROR, health.LDAPHealthChecker, error checking configured permission settings:5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: 5001 ERROR_WRONGPASSWORD (unable to create connection: unable to bind to ldaps://(redacted):636 as CN=(redacted)\, (redacted),OU=(redacted),OU=(redacted),OU=(redacted),DC=(redacted),DC=(redacted),DC=(redacted) reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839 ]))
2023-06-09T14:08:45Z, ERROR, health.LDAPHealthChecker, {#,health} error during replica vendor sameness check: unable to create connection: unable to bind to ldaps://(redacted):636 as CN=(redacted)\, (redacted),OU=(redacted),OU=(redacted),OU=(redacted),DC=(redacted),DC=(redacted),DC=(redacted) reason: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839 ]
Where should I look next?