70558: Acronis Cyber Protect 15 Build 29486: "ldap connection failed: : ldap: connect. LDAP Result Code 81 "Server Down"" error when browsing the domain under "Accounts" tab if "Sign in as the current Windows user" is disabled


Last update: 25-05-2022

Symptoms

1. You have Acronis Management Server Update 2 (b27009) installed on a Windows 2016 machine that is joined to a domain (the Domain Controller also runs Windows 2016);
2. You have disabled the "Sign in as the current Windows user" option, as per https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/#accessing-cyber-protect-web-console.html?Highlight=sspi;
3. Go to the "Accounts" tab -> click "Add account";
4. Specify admin credentials for the domain;
5. Enter a username and click the Search button -> Active Directory is browsable and the user is found;
6. Update Acronis Management Server to Update 4 (b29486);
7. Go to the "Accounts" tab -> click "Add account";
8. Specify admin credentials for the domain;
9. Enter a username and click the Search button.

As a result, an error occurs:

Server encountered an unexpected condition that prevented it from fulfilling the request. Use as a base for more granular code and context definitions

In the HAR log you see:

"request": {
          "method": "PUT",
          "url": "http://localhost:9877/api/ad_connector/v1/ad/search?context=test.local&q...,
...
"response": {
          "status": 500,
          "statusText": "Internal Server Error",

Cause

This is expected behavior. An SSL certificate is required to enable LDAPS.

Solution

Create an SSL certificate that meets the Microsoft requirements: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority#requirements-for-an-ldaps-certificate and install the certificate on the AD server.
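
Once the certificate is installed, the check below connects to the domain controller on the LDAPS port and tests the served certificate against the main points of the Microsoft requirements (Server Authentication EKU, the DC's FQDN in the subject CN or SAN, validity period, issuer trusted by the client). It is an added example, not Acronis or Microsoft code; the host name dc01.test.local and the function names are assumptions.

```powershell
# Added example (not Acronis or Microsoft code). Save as a .ps1 file and run it on the
# Management Server host.
using namespace System.Security.Cryptography.X509Certificates

$DcFqdn = 'dc01.test.local'   # placeholder: replace with your domain controller's FQDN
$Port   = 636                 # standard LDAPS port

function Get-LdapsCertificate([string]$HostName, [int]$Port) {
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate so it can be inspected; trust is evaluated separately.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            [X509Certificate2]::new($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function Test-LdapsCertificate([X509Certificate2]$Cert, [string]$Fqdn) {
    $ekuOids = $Cert.Extensions |
        Where-Object { $_ -is [X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    # Windows renders SAN entries as "DNS Name=<host>"; match the FQDN as a whole entry.
    $pattern = '(^|[=:\s])' + [regex]::Escape($Fqdn) + '(\s|,|$)'
    $sanHit  = $san -and ($san.Format($false) -match $pattern)
    $cn      = $Cert.GetNameInfo([X509NameType]::SimpleName, $false)
    $chain   = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck  # revocation is not checked
    $now = Get-Date
    [pscustomobject]@{
        Subject           = $Cert.Subject
        NotAfter          = $Cert.NotAfter
        ServerAuthEku     = $ekuOids -contains '1.3.6.1.5.5.7.3.1'   # Server Authentication
        FqdnInCnOrSan     = ($cn -eq $Fqdn) -or $sanHit
        WithinValidity    = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)
        TrustedByThisHost = $chain.Build($Cert)
    }
}

try {
    $cert = Get-LdapsCertificate $DcFqdn $Port
    Test-LdapsCertificate $cert $DcFqdn | Format-List
} catch {
    Write-Warning "LDAPS handshake with ${DcFqdn}:$Port failed: $($_.Exception.Message)"
}
```

Any property reported as False, or a failed handshake, means the certificate does not yet satisfy the corresponding requirement. The private key and the certificate's location in the Local Computer Personal store cannot be seen remotely and have to be checked on the domain controller itself.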

Workaround

  • Open the file C:\Program Files\Acronis\AuthConnector\auth-connector.json5 in a text editor;
  • Find the "connectors" parameter;
  • Change both "connectionMode" values from "ssl_only" to "auto".

    Example:

    "connectors": [
      {
        "type": "ldap",
        "id": "ldap",
        "config": {
          "connectionMode": "auto"
        }
      }
    ],
    "sync": {
      "ldap": {
        "connectionMode": "auto"
      }
    },
  • Restart AMS/ASM services.