
New NetScaler 11 LDAP Authentication Fail



I am building a new domain and trying to get NetScaler / XenDesktop up and running as in my old domain. When trying to enter LDAP authentication details I get the error:


 

Server '10.0.10.70' is reachable. port '389/tcp' is open. '10.0.10.70' is a valid LDAP server. Valid Credentials are not provided.

 

I have verified the account names, password, DN etc. but nothing works. As a test I entered information from my old domain in my other currently working NetScaler/Xen setup (still online and in same subnet space). The DN and user account from my old domain authenticated fine. I can't remember if I made any adjustments to the NetScaler after installation in my old domain to get things working. Any help would be appreciated.

 

NetScaler VPX 1000

Release NS11.1 49.16nc

 

-BH


I am having the exact same issue, but with a 2012 domain controller. Can you please explain exactly what you did to resolve the issue? Not sure where the SSL Secure authentication is configured. Thanks

 

It would be configured in a GPO. Default new domain GPOs are basic and un-configured. I import and modify standardized GPO packages from Microsoft as a baseline. You can test by opening ldp.exe from the domain controller and trying to bind to the Configuration Container in AD with simple authentication. If you're not able to bind with simple auth then you will not be able to authenticate from the NetScaler via this method. Alternatively, if you have SSL configured for your domain, you need to specify this in the NetScaler Authentication settings, using port 636 for secure auth.

 

-BH
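
The simple-bind test described in the post above, as an added Python example that is not part of the original thread: it encodes an LDAPv3 simple BindRequest and decodes the BindResponse, so a policy refusal can be told apart from bad credentials. It assumes the domain controller answers a refused plaintext simple bind with resultCode 8; the sample responses are constructed, not captured traffic.

```python
# Added example: minimal LDAPv3 simple-bind encoder and BindResponse decoder.

def _len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _tlv(tag, value):
    return bytes([tag]) + _len(len(value)) + value

def _read(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def simple_bind_request(dn, password, msg_id=1):
    """LDAPMessage{ messageID, [APPLICATION 0]{ version 3, name, [0] simple } }"""
    body = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, body))

def parse_bind_response(data):
    """Return (resultCode, diagnosticMessage) from a BindResponse."""
    _, msg, _ = _read(data, 0)
    _, _, pos = _read(msg, 0)             # skip messageID
    tag, op, _ = _read(msg, pos)
    if tag != 0x61:                       # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = _read(op, 0)           # resultCode ENUMERATED
    _, _, pos = _read(op, pos)            # matchedDN
    _, diag, _ = _read(op, pos)           # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode(errors="replace")

def diagnose(code):
    return {0: "bind ok",
            8: "strongerAuthRequired: plaintext simple bind refused; use LDAPS on 636",
            49: "invalidCredentials: check bind DN and password",
            }.get(code, f"resultCode {code}")

def sample_response(code, diag):          # constructed input, not captured traffic
    op = _tlv(0x0A, bytes([code])) + _tlv(0x04, b"") + _tlv(0x04, diag.encode())
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x61, op))
```

Sending `simple_bind_request(...)` to port 389 over a TCP socket and passing the reply to `parse_bind_response` reproduces the ldp.exe check from any host that can reach the domain controller.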


Thanks. I took a look at the default domain GPO and the setting was not configured. I then installed an older version of NetScaler (v 11.0) and I am not experiencing the issue. Not sure if there is a bug or if the way the new version handles LDAP is different.

Ideally, I would like to be running on the most current version of NetScaler.

It could be a setting in another GPO. Mine was in the GPO I imported and set up for 2016 Domain Controllers linked to the Domain Controllers OU. Just verify any of the linked GPOs at the top domain and the DC OU don't have the SSL authentication set.

 

-BH
