Solved

AD-LDS Instance 2008 Question

Posted on 2014-01-02
Last Modified: 2014-02-05
We have an ADAM instance that was migrated from 2003 to AD-LDS 2008. After doing so, the application broke after connecting to the AD-LDS 2008. We are using a wide IP alias that was never changed. The application works if we connect to 2003 but not to the 2008 instance. Any ideas? Thank you!
Question by:syseng007
7 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39752121
Have you done an in-place upgrade from the 2003 server to the 2008 server as per the link below?
http://technet.microsoft.com/en-us/library/cc732566(WS.10).aspx
In that case you should not face any issues.

Is the AD-LDS 2008 server also a domain controller or just a member server?

If it's a member server, then I request you to just disjoin the server from the domain and re-join it again, and check if the application is working.

Mahesh
0
 

Author Comment

by:syseng007
ID: 39752239
Hi Mahesh, the migration is not in place, and AD-LDS is a member server....
0
 

Author Comment

by:syseng007
ID: 39752327
We are getting this error when we are trying to connect:

Caused by: java.security.PrivilegedActionException: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]]
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Unknown Source)
        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUserWithRetry(DirectoryConnection.java:104)
        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUserWithRetry(DirectoryConnection.java:122)
        at mesh.entitlements.provider.adam.DirectoryConnection.doAsCurrentUser(DirectoryConnection.java:97)
        at mesh.entitlements.provider.adam.DirectoryConnection.getRootContext(DirectoryConnection.java:77)
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39752335
Have you tried a disjoin / re-join of the 2008 ADLDS server, please?

If the problem still persists, you could try an in-place upgrade of the 2003 machine as per the above link.

Mahesh
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 39755247
Judging by the error message, it sounds like the proper service DNS entries are missing for the app to find the correct ADLDS instance. Also, ADLDS security may be more stringent than 2003.

I would suggest you follow Mahesh's advice and run through the upgrade processes.
0
 

Author Comment

by:syseng007
ID: 39756042
@Mahesh - there are 5 instances on the member server and there's only one that's kicking off an error though... So I don't think disjoin and re-add to the domain would be the solution....
0
 
LVL 20

Accepted Solution

by:
compdigit44 earned 2000 total points
ID: 39756302
I would suggest trying to re-register your SPN for ADLDS to make sure the service account for this ADLDS instance is registered in AD.


http://technet.microsoft.com/en-us/library/cc816802(v=ws.10).aspx
0
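One way to check the SPN registration the accepted answer refers to, as an added example that is not part of the original thread. Kerberos error 7 in the stack trace is KDC_ERR_S_PRINCIPAL_UNKNOWN, meaning the KDC found no account holding the SPN the client asked for. The alias name, port and account below are constructed placeholders, and the two SPN forms checked are an assumption about what the client requests.

```powershell
# Constructed placeholders: substitute your own values.
$AliasFqdn     = 'adlds-alias.example.com'  # wide IP alias the application connects to
$LdapPort      = 50000                      # LDAP port of the failing AD LDS instance
$ExpectedOwner = 'svc-adlds01'              # sAMAccountName the instance service runs as
                                            # (use 'SERVERNAME$' if it runs as Network Service)

# SPN forms a Kerberos client may request for this instance (assumption).
$candidates = @(
    "ldap/$AliasFqdn",
    "ldap/${AliasFqdn}:$LdapPort"
)

foreach ($spn in $candidates) {
    # Look the SPN up in the current domain by its servicePrincipalName attribute.
    $searcher = [adsisearcher]"(servicePrincipalName=$spn)"
    $owners = @($searcher.FindAll() | ForEach-Object { $_.Properties['samaccountname'][0] })

    if ($owners.Count -eq 0) {
        # No account holds this SPN: the KDC cannot issue a ticket for it.
        Write-Host "[missing]   $spn"
        Write-Host "            register with: setspn -S $spn $ExpectedOwner"
    }
    elseif ($owners.Count -gt 1) {
        # The same SPN on several accounts also causes Kerberos failures.
        Write-Host "[duplicate] $spn held by: $($owners -join ', ')"
    }
    elseif ($owners[0] -ne $ExpectedOwner) {
        # Registered, but on an account other than the one running the instance
        # (for example, still on the old 2003 server's account after a migration).
        Write-Host "[wrong acct] $spn held by $($owners[0]), expected $ExpectedOwner"
    }
    else {
        Write-Host "[ok]        $spn -> $($owners[0])"
    }
}

# List everything currently registered on the expected account for comparison.
& setspn.exe -L $ExpectedOwner
```

The script only reads from the directory and prints the `setspn -S` command to run; `-S` checks for an existing registration before adding, which avoids creating a duplicate.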


Question has a verified solution.
