Symptoms
1. You have Acronis Management Server Update 2 (b27009) installed on a Windows 2016 machine that is joined to a domain (the Domain Controller is also Windows 2016);
2. You have disabled the "Sign in as the current Windows user" option, as per https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/#accessing-cyber-protect-web-console.html?Highlight=sspi
3. Go to the "Accounts" tab -> click "Add account";
4. Specify admin credentials for the domain;
5. Enter a username and click the Search button -> Active Directory is browsable and the user is found;
6. Update Acronis Management Server to Update 4 (b29486);
7. Go to the "Accounts" tab -> click "Add account";
8. Specify admin credentials for the domain;
9. Enter a username and click the Search button;
As a result, an error occurs:
Server encountered an unexpected condition that prevented it from fulfilling the request. Use as a base for more granular code and context definitions
In the HAR log you see:
"method": "PUT",
"url": "http://localhost:9877/api/ad_connector/v1/ad/search?context=test.local&q...,
"response": {
"status": 500,
"statusText": "Internal Server Error",
Cause
This is expected behavior. An SSL certificate is required to enable LDAPS.
Solution
Create an SSL certificate that meets the Microsoft requirements: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority#requirements-for-an-ldaps-certificate and install the certificate on the AD server.
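Added example (not part of the original article and not Acronis code): a PowerShell check, run on the Management Server, that reads the certificate the domain controller presents on the LDAPS port and tests it against three of the Microsoft requirements linked above. The host name dc01.test.local is a placeholder; 636 is the standard LDAPS port.

```powershell
# Placeholder: set this to the FQDN of your domain controller.
$DcFqdn = 'dc01.test.local'
$Port   = 636   # standard LDAPS port

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($DcFqdn, $Port)
    # Accept any certificate here so that an untrusted one can still be inspected.
    # This connection only reads the certificate; no credentials are sent over it.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($DcFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
}
catch {
    Write-Warning "Could not complete a TLS handshake with ${DcFqdn}:${Port}: $($_.Exception.Message)"
    return
}
finally {
    $tcp.Close()
}

# Requirement: Enhanced Key Usage includes Server Authentication (1.3.6.1.5.5.7.3.1).
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$hasServerAuth = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.1'))

# Requirement: the DC's FQDN is the Subject CN or a DNS entry in the SAN (2.5.29.17).
# Exact-name match only; wildcard entries are not evaluated here.
$cn      = $cert.GetNameInfo('SimpleName', $false)
$san     = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanText = if ($san) { $san.Format($false) } else { '' }
$nameOk  = ($cn -eq $DcFqdn) -or ($sanText -match "(^|[=\s,])$([regex]::Escape($DcFqdn))(\s|,|$)")

# Requirement: issued by a CA that this LDAPS client (the Management Server) trusts.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only, no CRL lookup
$trusted = $chain.Build($cert)

[pscustomobject]@{
    Subject            = $cert.Subject
    NotAfter           = $cert.NotAfter
    ServerAuthEku      = $hasServerAuth
    FqdnInSubjectOrSan = $nameOk
    ChainTrustedHere   = $trusted
}
```

The remaining requirements on the Microsoft page, such as the private key being present in the domain controller's Local Computer store, have to be checked on the domain controller itself.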
Workaround
- Open the file C:\Program Files\Acronis\AuthConnector\auth-connector.json5 with a text editor;
- Find the "connectors" parameter;
- Change both "connectionMode" values from ssl_only to "auto";
Example:
    "connectors": [
        {
            "type": "ldap",
            "id": "ldap",
            "config": {
                "connectionMode": "auto"
            }
        }
    ],
    "sync": {
        "ldap": {
            "connectionMode": "auto"
        }
    },
- Restart AMS/ASM services.