Solved

ShoreTel AD Integration

Posted on 2015-01-29
Last Modified: 2015-02-11
Hello,
We had this working fine but something has clearly changed. We think Director was upgraded to 18.62.7800.0, which has broken AD integration.
I've re-read all the documents out there and tried the IIS fix, etc.
Before we just used LDAP://servername which worked fine and we can see and click show/sync buttons. They now are greyed out.
Ideas/suggestions?
Thanks
0
Question by:CHI-LTD
18 Comments
 
LVL 40

Expert Comment

by:footech
ID: 40578802
I'm using Build 19.41.5003.0.  I've got my LDAP string set to something like
LDAP://server.domain.com/OU=Users,OU=Org,DC=domain,DC=com
Haven't experienced any issues during, before or after any upgrades.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579330
Are you using a Windows account in the Users OU with permission?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579344
And are you native 2008 R2?
0
 
LVL 40

Expert Comment

by:footech
ID: 40580078
Using a Windows account for what?

Yes, we are 2008 R2 DFL and FFL.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583508
To make the connection from Director to AD.
0
 
LVL 40

Expert Comment

by:footech
ID: 40583615
Unless I'm completely forgetting something, there is no account/setting for this purpose.

If you think there is, please point out exactly where this is set.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583691
So we have a Windows account (in our case) called 'shoreteldirector', which is also a manually created account in Director with the same name. We have logged into Director and Windows with this account in order to enter the string LDAP path.
We also have delegated the director computer account the 2x domain controllers...
0
 
LVL 40

Expert Comment

by:footech
ID: 40584395
It doesn't matter what account(s) you specify as having administrator permissions in ShoreTel Director.  They can be either AD users or not.  We have both types in our setup.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40593668
Okay. Well, I cannot get this to work whatsoever.
What's odd is that even though the 2x fields aren't clickable, the Windows auth (for Communicator) works fine.
0
 
LVL 40

Expert Comment

by:footech
ID: 40594122
I would check to make sure the ShoreTel server's membership to the domain is healthy (secure channel isn't broken).  I don't know if this would affect anything else.

Check your firewalls.  TCP 389 needs to be allowed.
I would start a network capture at the ShoreTel machine with traffic to/from the DCs, then try a "Show from AD" and see if the traffic is getting through.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40598107
Right, so Wireshark is showing a bind success...
Must be something else stopping the 2x buttons from showing...
0
 
LVL 40

Expert Comment

by:footech
ID: 40598972
I just double-checked something.  It does look like when I log in as an admin user which is just a user defined in ShoreTel Director (not AD), that the AD buttons are grayed out.  I could swear I remember this working but honestly it's been so long since I used that account I could be wrong.  Logging in with my AD user allows me to use the buttons.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600251
That's the thing, we now (for whatever reason) do not see the Active Directory option (on the right of the login page).
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600475
Would you be able to send me your IIS authentication method screen, as per http://customers.btxchange.com/Manuals/ShoreTel/ShoreTel%20Active%20Directory%20Integration.pdf?

Thanks
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600477
Edit: think I've fixed it.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40601364
My authentication settings are the same as in the document.  All disabled except Windows Integrated.
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 40602666
Mine wasn't! I have anonymous enabled also.
The IE auth setting was also wrong.

Thanks for help.
0
 
LVL 40

Expert Comment

by:footech
ID: 40603712
Glad you got it worked out.
0
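
The state that resolved this thread (every IIS authentication method disabled except Windows Integrated) can be audited from PowerShell instead of from a screenshot. This is an added example, not part of any post above or of ShoreTel's documentation; the function name `Get-IisAuthAudit` and the location `Default Web Site/ExampleDirectorApp` are placeholders, since the thread does not give the Director application's IIS path.

```powershell
# Added example. Requires the WebAdministration module (IIS 7 or later);
# run from an elevated prompt on the IIS server.
Import-Module WebAdministration

function Get-IisAuthAudit {
    param(
        # Placeholder value expected here: the thread does not name the IIS path.
        [Parameter(Mandatory = $true)][string]$Location
    )

    # Baseline from the accepted solution: only Windows Integrated enabled.
    $expected = @{
        anonymousAuthentication = $false
        basicAuthentication     = $false
        digestAuthentication    = $false
        windowsAuthentication   = $true
    }

    foreach ($scheme in ($expected.Keys | Sort-Object)) {
        $filter = "/system.webServer/security/authentication/$scheme"
        $prop = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
            -Filter $filter -Name enabled -ErrorAction SilentlyContinue

        # The cmdlet may return a ConfigurationAttribute or a bare boolean.
        $actual = if ($null -eq $prop) { $null }
                  elseif ($prop -is [bool]) { $prop }
                  else { [bool]$prop.Value }

        $status = if ($null -eq $actual) { 'NOT READABLE' }
                  elseif ($actual -eq $expected[$scheme]) { 'OK' }
                  else { 'MISMATCH' }

        # With anonymous enabled, IIS can answer without an authentication
        # challenge, so the application may never see a Windows identity.
        New-Object PSObject -Property @{
            Scheme   = $scheme
            Expected = $expected[$scheme]
            Actual   = $actual
            Status   = $status
        } | Select-Object Scheme, Expected, Actual, Status
    }
}

# Usage (placeholder location):
# Get-IisAuthAudit -Location 'Default Web Site/ExampleDirectorApp' | Format-Table -AutoSize
```

Any `MISMATCH` row marks a method that differs from the baseline footech describes; the "IE auth setting" mentioned in the closing comment is a client-side setting and is not covered by this check.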