ArcGIS server active directory integration does not work

3349
2
12-09-2013 07:18 AM
ChrisDalla_Piazza
New Contributor III
I am having trouble setting up our ArcGIS server to use Users and roles from an existing enterprise system (LDAP or Windows Domain).

I am able to successfully test the connection when I set up the integration.  However, when I go to the users or roles tab afterwards, I am unable to see the list of users or roles.  I just get a never ending status bar.  When I go to http://servername:6080/arcgis/admin/security/users/getUsers and try to get users from my domain, all I get back is the following:

(IP address of domain controller):3268 (in red)

I installed Network Monitor and what I found is that the ArcGIS server is hitting port 3268 of one of our domain controllers.  However, that domain controller is not a global catalog server.  It is not listening on port 3268.

I also found that during the connection test, ArcGIS server hits port 389 instead of 3268.  This explains why the test works but then I can't do anything afterwards.

Does anyone know how I can convince ArcGIS server to connect to the correct domain controller which is a global catalog server?
0 Kudos
2 Replies
ChrisDalla_Piazza
New Contributor III
0 Kudos
DanielHowes1
New Contributor II

I am having similar problems trying to connect to a domain controller that is not a global catalog.  However, I am using ArcGIS for server version 10.3.1.  My error message reads:

"Could not connect to the identity store as one or more of the connection parameters is incorrect. Verify that you can connect to the identity store outside of ArcGIS Server using the same parameters. [IP Address]:3268"

Essentially I think the issue is (as previously mentioned) that it is trying to connect on port 3268 which is only for global catalogs.  However, updating the config file (as per the link, or the 10.3 link http://server.arcgis.com/en/server/latest/administer/windows/configuring-the-domain-controller-used-...) does not resolve this issue.

I also tried adding ":389" in the configuration but this threw an even uglier error message when I tried to retrieve the users.

Does anyone have a 10.3.1 workaround for this?

0 Kudos