Don't miss out Virtual Happy Hour this Friday (April 26).
Try our conversational search powered by Generative AI!
AI OnAI Off
AD working internally - Not authenticating against external copy - options to diagnose?
Hi,
Did you find and read these URLs?
http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=43724&epslanguage=en
LDAP browsers that you test with will usually connect without having 445 open which makes it even more difficult to solve problems.
May 01, 2017 22:12
Port 445 not being open was definitely one of the issues, thank you. I can get to the login screen now, but unfortunately its still not authenticating. Going to see if its possible to grab a log of the attempts from the RODC.
May 02, 2017 18:25
Looking at the packets themselves gives this error:
V80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 0, v2580.
May 02, 2017 23:45
I'm assuming you already found this? http://stackoverflow.com/questions/31411665/ldap-error-code-49-80090308-ldaperr-dsid-0c0903a9-comment-acceptsecurityc
May 03, 2017 9:26
Yeah thats a slightly different error though. I only found one unanswered question on StackOverflow that had this exact error/situation. Trying to get in contact with him now.
May 03, 2017 18:56
Some time has passed with this issue. We ended up opening a ticket with Epi and also looked at a contractor to resolve this, but its essentially dead in the water. Looking at another contractor as an option and possibly into ADFS as an alternative.
Jun 22, 2017 23:51
Hey Eric,
Here is a good couple of articles about AD on DMZ in that I hope you will find something intresting, please see
Please keep us posted about your findings.
Thanks,
Nikolay.
Jun 23, 2017 14:54
Hi Erik,
You wrote that opening port 445 (related to trust relationships ) was slighly improved the situation and leads to get the logon screen. Furthermore I suspect the root of your issues is a broken trust relationships between domains (there are many cases to break it, i.e. DC reboots), could you try to reestablish the trusts?
Jun 23, 2017 15:33
We have an internal domain controller I've been authenticating against for development. Externally, we use a read-only copy with a slightly different name.
Internal:
Since the username is the same, I thought simply changing it to the proper RODC would be all thats needed.
Unfortunately its not working. I've tested this connection in ADSiEdit and its connecting as it should both my local box and the dmz box. Any tips on diagnosing whats actually going wrong?