Solved

AD-LDS Instance 2008 Question

Posted on 2014-01-02
7
340 Views
Last Modified: 2014-02-05
We have an ADAM instance that was migrated from 2003 to AD-LDS 2008. After doing so, the application broke after conecting to the AD-LDS 2008. We are using a wide IP alias that was never changed. The application works if we connect to 2003 but not to the 2008 instance. Any ideas? Thank you!
0
Comment
Question by:syseng007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39752121
Have you done in place gradation from 2003 server to 2008 server  as per below link ?
http://technet.microsoft.com/en-us/library/cc732566(WS.10).aspx
In that case you should not face any issues

Is AD-LDS 2008 is also Domain controller or just member server ?

if its member server, then request you to just disjoin server from domain and re-join again and check if application is working

Mahesh
0
 

Author Comment

by:syseng007
ID: 39752239
Hi Mahesh, the migration is not in place, and AD-LDS is a member server....
0
 

Author Comment

by:syseng007
ID: 39752327
We are getting this error when we are trying to connect:

Caused by: java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.Subject.doAs(Unknown Source)

        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUserWithRetry(DirectoryConnection.java:104)

        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUserWithRetry(DirectoryConnection.java:122)

        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUser(DirectoryConnection.java:97)

        at mesh.entitlements.provider.adam.DirectoryConnection.getRootContext(DirectoryConnection.java:77)
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 37

Expert Comment

by:Mahesh
ID: 39752335
Have you tried disjoin \ re-join of 2008 ADLDS server please ?

If problem still persists you could give a try in place upgrade of 2003 machine as per above link

Mahesh
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39755247
Judging by the error message it sounds like the proper service DNS entries are missing for the app to find the correct ADLDS instance also ADLDS security may be more stringent that 2003..

I would suggest you follow Mahesh advice and run through the upgrade graduation processess
0
 

Author Comment

by:syseng007
ID: 39756042
@Mahesh - there are 5 instances on the member server and there's only that's kicking off an error though...So I don't think disjoin and re-add to the domain would be the solution....
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 39756302
I would suggest to try to re-register your SPN for ADLDA to make sure the service account for this ADLDS instance is registered in AD


http://technet.microsoft.com/en-us/library/cc816802(v=ws.10).aspx
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question