Jump to content

LDAP Import Error TCP 443


Brhow
 Share

Recommended Posts

Hello, 

I am receiving the following error when trying to run the LDAP import:

[ERROR] Connecting Error: dial tcp 10.200.24.104:443: connectex: No connection could be made because the target machine actively refused it.

The IP address is our Active Directory LDAP server. The windows Defender firewall is turned off for the purpose of testing this. 

However when i run netstat -an, the server is not listening on port 443.

I dont understand what this exe is trying to connect to, ldap ports are 389 and 636. 

Thank you

ldapimporterror.png

Link to comment
Share on other sites

There seems to be more than one thing going on here which will confuse matters. 

Which server is not listening on 443? Do you mean our server?

Just to we are clear on how the LDAP import works, it will connect to your LDAP server on 389/636 as per the standard.  It will connect over HTTP to our edge server (in the cloud) over HTTPS using port 443. 

In terms of the ConnectEx error, the LDAP API we are using is reporting that the server (thats your LDAP server I presume) is actively refusing the connection. This could be anything from a locally installed firewall, settings in your LDAP server etc..  Windows Updates have a habit of turning on the Windows Firewall, I would check that again. 

 

Gerry

Link to comment
Share on other sites

Thank you for your prompt reply. 

I am running the Import tool from my own computer. I have also tried from the domain controller. 

I would have assumed the tool will query ldap from my computer to hfrs-dc-02 over 636 then out to your edge server using 443.

But the log is stating that it is trying to connect to hfrs-dc-02 via 443, but there is nothing there to respond on that port as ldap doesnt use it.

Its almost like the hard coded port number is wrong for the import tool, and it should be trying to query ldap on 636, or the log is misleading. 

I have used ldp.exe to test the ldap connection and it looks right to me. 

Thanks

image.thumb.png.32b10e79575a4d4a6f5b13353257037a.pngBrett

Link to comment
Share on other sites

What is this about a keysafe on the wiki page?

[ERROR] Connection Error: dial tcp xx.xxx.xx.xx:389: conectex: a connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. - A connection error containing an IP address with port "389" indicates that the utility had a problem connecting to the LDAP server. i.e. the server could not be reached or did not respond. This could be due to incorrect LDAP login details being specified, check what you have stored in the KeySafe and that the correct KeySafe entry is specified in the Data Import Configuration.

Link to comment
Share on other sites

Update: Found the key safe. It had 443 listed as port which i believe is probably wrong. Changed this to 636 and now it is doing an ldap query correctly but failing with a new error:  

Bind Error: LDAP Result Code 211 "ErrorClosing": Response Channel Closed

This looks more like an authentication issue now. Do I need to specify the domain in the account? double backslash looks weird to me. 

image.thumb.png.086b57b9fddb8397a4205985a6fea5bb.png

Link to comment
Share on other sites

Got it working.

Had to change the following options:

Keysafe:

Host - Fully Qualified Domain Name (to match SSL certificate)

Port - 636

Username - No domain

LDAP Import:

Connection Type - SSL

Allow insecure connection - Off

 

  • Like 1
Link to comment
Share on other sites

Great news, you seem to have nailed it now, sorry for my late reply. 

Thanks for posting what you found to fix the problem here, I am sure this will help someone else in the future. 

Thanks

Gerry

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...