Error 5017

[Brian Cruse]

I have an issue with logging in, the LDAP test looks good, the SAN matches on the certificate... I have no issues in the config manager

This is the Debug log

2022-10-12T18:31:36Z, FATAL, servlet.AbstractPwmServlet, {ZBR3L} 5017 ERROR_DIRECTORY_UNAVAILABLE (unexpected error during ldap search (profile=default), error: 5017 ERROR_DIRECTORY_UNAVAILABLE (unable to reach any configured server, maximum retries exceeded)) [172.29.0.12]
2022-10-12T18:31:36Z, WARN , search.UserSearchEngine, {ZBR3L} searchID=4-0 error during user search: 5017 ERROR_DIRECTORY_UNAVAILABLE (unexpected error during ldap search (profile=default), error: 5017 ERROR_DIRECTORY_UNAVAILABLE (unable to reach any configured server, maximum retries exceeded)) [172.29.0.12]
2022-10-12T18:31:36Z, INFO , provider.FailOverWrapper, failing over to ldaps://TC-DC02.LEONET.local:636
2022-10-12T18:31:36Z, WARN , provider.FailOverWrapper, current server ldaps://TC-DC03.LEONET.local:636 has failed, failing over to next server in list, last error: javax.naming.PartialResultException, cause:javax.naming.CommunicationException: TAPI3Directory.LEONET.local:636, cause:java.net.UnknownHostException: TAPI3Directory.LEONET.local
2022-10-12T18:31:36Z, INFO , provider.FailOverWrapper, failing over to ldaps://TC-DC03.LEONET.local:636
2022-10-12T18:31:35Z, WARN , provider.FailOverWrapper, current server ldaps://TC-DC02.LEONET.local:636 has failed, failing over to next server in list, last error: javax.naming.PartialResultException, cause:javax.naming.CommunicationException: TAPI3Directory.LEONET.local:636, cause:java.net.UnknownHostException: TAPI3Directory.LEONET.local
2022-10-12T18:31:35Z, INFO , provider.FailOverWrapper, failing over to ldaps://TC-DC02.LEONET.local:636
2022-10-12T18:31:35Z, WARN , provider.FailOverWrapper, current server ldaps://TC-DC03.LEONET.local:636 has failed, failing over to next server in list, last error: javax.naming.PartialResultException, cause:javax.naming.CommunicationException: TAPI3Directory.LEONET.local:636, cause:java.net.UnknownHostException: TAPI3Directory.LEONET.local
2022-10-12T18:31:34Z, INFO , provider.FailOverWrapper, failing over to ldaps://TC-DC03.LEONET.local:636
2022-10-12T18:31:33Z, WARN , provider.FailOverWrapper, current server ldaps://TC-DC02.LEONET.local:636 has failed, failing over to next server in list, last error: javax.naming.PartialResultException, cause:javax.naming.CommunicationException: TAPI3Directory.LEONET.local:636, cause:java.net.UnknownHostException: TAPI3Directory.LEONET.local

[Brian Cruse]

OK I figured out the issue. I needed to add additional alternate names for the certificate. I followed the procedure in the following link:

Creating Custom Secure LDAP Certificates for Domain Controllers with Auto Renewal | Microsoft Learn