Re: Not able to connect to Active Directory - Qlik Community

mtabernad · ‎2019-12-11

Hi all,

I am trying to connect to Active Directory but I get the following errors:

I checked the log file:

Sequence# Timestamp Level Hostname Logger Thread Id ServiceUser Message Exception StackTrace ProxySessionId Id2
32 20191211T133250.107+0100 INFO qlik_pro_01 UserManagement.Repository.Repository.Users.Factories.UserDirectoryFactory 110 20356d13-715e-4ecc-858e-42553e2ef215 QLIK_PRO_01\qsadmin Looking up RootDSE: LDAP://agbar.ga.local/RootDSE 20356d13-715e-4ecc-858e-42553e2ef215
33 20191211T133250.357+0100 ERROR qlik_pro_01 UserManagement.Repository.Repository.Users.Factories.UserDirectoryFactory 110 0afd09af-b079-4d1d-a7d3-68f0dd80d134 QLIK_PRO_01\qsadmin Fetching directoryentry LDAP://agbar.ga.local/RootDSE failed: El servidor no es funcional.↵↓ 0afd09af-b079-4d1d-a7d3-68f0dd80d134
34 20191211T133250.359+0100 ERROR qlik_pro_01 UserManagement.Repository.Repository.Users.Factories.UserDirectoryFactory 110 025c7f4b-32fb-41c6-924a-c8a23b2ca61b QLIK_PRO_01\qsadmin Exception while initializing LDAP://agbar.ga.local: Setting up connection to LDAP root node failed. Check log file. 025c7f4b-32fb-41c6-924a-c8a23b2ca61b
35 20191211T133250.359+0100 WARN qlik_pro_01 UserManagement.Repository.Repository.Users.Factories.UserDirectoryFactory 110 5b25192f-b40a-490b-ad80-5cfc8c7300d4 QLIK_PRO_01\qsadmin Setup of ActiveDirectory UDC not successful: Setting up connection to LDAP root node failed. Check log file. 5b25192f-b40a-490b-ad80-5cfc8c7300d4
36 20191211T133250.360+0100 WARN qlik_pro_01 UserManagement.Repository.Repository.Users.Factories.UserDirectoryFactory 35 8c9a99a6-8a05-4d2d-adc5-41a87f91d664 QLIK_PRO_01\qsadmin Setting up UDC of type Repository.UserDirectoryConnectors.LDAP.ActiveDirectory unsuccessful Setting up connection to LDAP root node failed. Check log file. en Repository.Users.SafeUserDirectoryConnector.CallWithTimeout[T](Func`1 func, TimeSpan timeout)↵↓ en Repository.Users.SafeUserDirectoryConnector.Setup(Logger logger)↵↓ en Repository.Users.Factories.UserDirectoryFactory.TrySetupUserDirectory(UserDirectory userDirectory) 8c9a99a6-8a05-4d2d-adc5-41a87f91d664

As I marked in red, it says "el servidor no es funcional" which means no functional server. But I do not know what to do.

I made some research in Qlik Community but I didn't get anything which solves my problem. Could anyone kindly help me?

Thank you in advance.

andoryuu · ‎2019-12-11

I had issues setting up AD in the beginning that I found was solved by having an accurate LDAP filter, using the service account to access it, and making sure I was hitting our correct LDAP address. Heres a redacted version of our setup:

mtabernad · ‎2019-12-11

Thank you for your quick reply. I have similar configuration and I get the errors mentioned above.

andoryuu · ‎2019-12-11

I know this is probably not it, but I have to ask - can you try doing lowercase ldap://...... for your connection and seeing if that works?

andoryuu · ‎2019-12-11

Also, try syncing with a single group using the standard ldap case for "sAMAccountName" like

(&(objectCategory=person)(objectClass=user)(|(memberOf:=sAMAccountName=yourgrouphere)))

and also try with the explicit CN (assuming its in managed groups - adjust as needed - if not sure you can query the group attributes using RSAT

(&(objectCategory=person)(objectClass=user)(|(memberOf:=yourgrouphere,OU=Managed,OU=Groups,DC=yourdomain,DC=yourdomainextension)))

mtabernad · ‎2019-12-11

It doesn't get fix with lowercase. It is already done what you said about sAMAccountName and the explicit CN. Still does not work...

Thank you anyway for your help and time! 😉

andoryuu · ‎2019-12-11

Man, this is weird. You tried increasing your timeout to like 2000 to try to give it more time or is the rejection immediate? What do your repository logs say in the programdata\qlik\sense\logs\repository\system or \trace or \audit say? Any errors listed? Are you able to open a powershell terminal with that service account and query LDAP? How about your personal account - if so, have you tried connecting the connector with your account (just temporarily to diagnose)?

mtabernad · ‎2019-12-13

Rejection is inmediate. I did not find anything helpful in my logs beyond what I said in the first message of the post.

Are you able to open a powershell terminal with that service account and query LDAP? ----> I don't really know what you mean with this, I am not quite familiar with powershell.

How about your personal account - if so, have you tried connecting the connector with your account (just temporarily to diagnose)? ---> I do not know why I would have to use my personal account. Do you mean to use it in "User name"? What for?

Do I have to install any LDAP connector? or is it installed by default with Qlik?

Thank you once again.

mtabernad · ‎2019-12-13

Do I have to download a LDAP connector as following image says?

Do I have to set up something similar to this?

Thank you.

andoryuu · ‎2019-12-13

Yes that is one option so that you can test to see if you can even read AD. Right click the exe while holding shift and "run as a different user". Enter the service account credentials. see if you get data returned from active directory.