Solved

AD-LDS Instance 2008 Question

Posted on 2014-01-02
7
335 Views
Last Modified: 2014-02-05
We have an ADAM instance that was migrated from 2003 to AD-LDS 2008. After doing so, the application broke after conecting to the AD-LDS 2008. We are using a wide IP alias that was never changed. The application works if we connect to 2003 but not to the 2008 instance. Any ideas? Thank you!
0
Comment
Question by:syseng007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39752121
Have you done in place gradation from 2003 server to 2008 server  as per below link ?
http://technet.microsoft.com/en-us/library/cc732566(WS.10).aspx
In that case you should not face any issues

Is AD-LDS 2008 is also Domain controller or just member server ?

if its member server, then request you to just disjoin server from domain and re-join again and check if application is working

Mahesh
0
 

Author Comment

by:syseng007
ID: 39752239
Hi Mahesh, the migration is not in place, and AD-LDS is a member server....
0
 

Author Comment

by:syseng007
ID: 39752327
We are getting this error when we are trying to connect:

Caused by: java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.Subject.doAs(Unknown Source)

        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUserWithRetry(DirectoryConnection.java:104)

        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUserWithRetry(DirectoryConnection.java:122)

        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUser(DirectoryConnection.java:97)

        at mesh.entitlements.provider.adam.DirectoryConnection.getRootContext(DirectoryConnection.java:77)
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 37

Expert Comment

by:Mahesh
ID: 39752335
Have you tried disjoin \ re-join of 2008 ADLDS server please ?

If problem still persists you could give a try in place upgrade of 2003 machine as per above link

Mahesh
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39755247
Judging by the error message it sounds like the proper service DNS entries are missing for the app to find the correct ADLDS instance also ADLDS security may be more stringent that 2003..

I would suggest you follow Mahesh advice and run through the upgrade graduation processess
0
 

Author Comment

by:syseng007
ID: 39756042
@Mahesh - there are 5 instances on the member server and there's only that's kicking off an error though...So I don't think disjoin and re-add to the domain would be the solution....
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 39756302
I would suggest to try to re-register your SPN for ADLDA to make sure the service account for this ADLDS instance is registered in AD


http://technet.microsoft.com/en-us/library/cc816802(v=ws.10).aspx
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question