09-02-2021 06:33 AM
I have an installation with Duo Auth Proxy which connects to AD for retrieving users.
A couple of days ago it stopped working and I'm now getting error messages in the authproxy log.
It says:
- Failed to communicate with any Active Directory server.
- Initial LDAP bind to AD failed: invalidCredentials
- Primary credentials rejected
I have double checked the username and password in AD but I still cannot figure out what causes the problem/errors.
Any suggestions?
09-02-2021 07:36 AM
I've just received a very confusing email from Duo saying that our AD Sync has stopped working. Which is news to me as I wasn't aware we were using AD Sync (we're not AFAIK). I'm directed to this console:
09-02-2021 08:45 AM
@robnicholson - I have received the same message, now three times. When I look at my Directory Sync page, I note that there appear to be three bogus directory entries for AD, in addition to the one genuine entry for our actual AD sync. The three bogus entries are labeled AD, AD(2) and AD(3), and I'm not sure how they got there (!)
09-02-2021 09:36 AM
Sounds like Duo are having a bad day…
09-02-2021 10:00 AM
One thing you might try is to run the authproxy_connectivity_tool.exe located on your authproxy server in C:\Program Files\Duo Security Authentication Proxy\bin folder. This should verify connectivity between DUO / AD and the authproxy.
Let us know.
09-07-2021 06:18 AM
@lkeyes @robnicholson Those emails were sent to admins who had created a directory sync configuration but then did not actually configure any groups in the sync. We are sorry for any confusion this may have caused (feedback showed that some admins did not recall creating the syncs with incomplete configuration in the first place).
If you aren't using those syncs and have no plan to complete setup for them, you should delete them.
These emails are unrelated to the OP's posted issue. Using the connectivity tool is a good suggestion, so thank you @lkeyes! However, if the issue is with authentication to AD the connectivity tool output is likely to show the same auth failure already shown in authproxy.log.
@sindreh There are some suggestions you can work through in this KB article: Why were my Active Directory server credentials rejected when configuring Directory Sync?. If these don't help you resolve the issue feel free to contact Duo Support for 1:1 troubleshooting.
09-07-2021 08:58 AM
That certainly applies to me! All I set up AFAIK are these two applications:
Does this infer some kind of directory replication?
09-07-2021 09:25 AM
No, directory sync configs are totally distinct from protected applications and creating one does not also create the other.
09-08-2021 04:42 AM
Hi.
I found the problem by using the authproxy_connectivity_tool.
Was some traffic that was blocked by the firewall.
Works perfectly now.