Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • LDAP not working

    We recently deployed the latest version (Build:21.86.1828.0) of ShoreTel/MiTel Connect to a brand new server (our configuration is simple, and it was easier to setup the new VM instead of upgrading). The configuration was created from scratch, and we have virtualized our single HQ on a VMWare 6.5 / Windows 2016 server. The AD server is Windows 2012 R2. We also have the vCollab server up and running, communicating with HQ and switches.

    After tweaking for a few weeks, the 2 issues we are having is LDAP not working properly and being unable to connect to the IM server. A breakdown of what was tried and what works:

    - LDAP partially works: we are able to sign on the Mitel Connect client and Director using Windows Authentication. However, If we press the "SHOW FROM AD" or "SYNC FROM AD" button, we get prompted for a password, but it responds by "Failed to get data from Active Directory server".

    - We are unable to sync or pull in any data into our directory (such as viewing mobile numbers in the AD).

    - We have tried different variants of the AD path, including the "dc" strings, port numbers, and server. The one that "partially" works is the LDAP://domain.local .

    - Installed the LDP powershell tool on the HQ server, and confirmed LDAP is working for ports 389 and 636.

    - I think the reason IM is not working is LDAP is not fully working.

    Has anyone else have issues syncing with Connect or connecting to the IM server? I have attached screenshots of our configuration to help review.

    Thank you.

    example.png
    Attached Files
    Last edited by rpc; 03-30-2018, 07:49 AM.

  • #2
    I would make sure your server has delegations rights in AD. I couldn't see LDAP being the reason for the IM issues but you never know. have you tried to use everything without AD enabled?
    Lance Paddock
    BTX | Business Telephone eXchange
    1(800) 289-0299

    Comment


    • #3
      Yes, "Trust this computer for delegation to any service (Kerberos only)" is selected. I am able to log in with both a non-domain and domain user as well.

      Comment


      • #4
        We were able to get it to work using: LDAP://domain.local/DC=domain,DC=local
        One thing I did not try originally is logging out and in every time I changed the setting. Also the IM server had to match our domain email, which was different than our domain name. There is a KB from 10/5/17 that shows the registry edit to make this happen.

        Thanks for your help.

        Comment


        • #5
          That's good to hear
          Lance Paddock
          BTX | Business Telephone eXchange
          1(800) 289-0299

          Comment

          Working...
          X