Solved

Shoretel AD Integration

Posted on 2015-01-29
18
549 Views
Last Modified: 2015-02-11
Hello,
We had this working fine but something has clearly changed. We think director was upgraded to 18.62.7800.0 which has broke AD integration.
I've re-read all the documents out there and tried the IIS, fix etc.
Before we just used LDAP://servername which worked fine and we can see and click show/sync buttons. They now are greyed out.
Ideas/suggestions?
Thanks
0
Comment
Question by:CHI-LTD
  • 10
  • 8
18 Comments
 
LVL 39

Expert Comment

by:footech
ID: 40578802
I'm using Build 19.41.5003.0.  I've got my LDAP string set to something like
LDAP://server.domain.com/OU=Users,OU=Org,DC=domain,DC=com
Haven't experienced any issues during before or after any upgrades.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579330
Are you using a windows account in the Users OU with permission?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579344
and are you native 2008 r2 ?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 39

Expert Comment

by:footech
ID: 40580078
Using a Windows account for what?

Yes, we are 2008 R2 DFL and FFL.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583508
to make the connection from director to AD.
0
 
LVL 39

Expert Comment

by:footech
ID: 40583615
Unless I'm completely forgetting something, there is no account/setting for this purpose.

If you think there is, please point out exactly where this is set.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583691
So we have a windows account (in our case) called 'shoreteldirector', of which is also a manually created account in director with the same name.  We have logged into director and windows with this account in order to enter the string LDAP path.
We also have delegated the director computer account the 2x domain controllers...
0
 
LVL 39

Expert Comment

by:footech
ID: 40584395
It doesn't matter what account(s) you specify as having administrator permissions in ShoreTel Director.  They can be either AD users or not.  We have both types in our setup.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40593668
okay.  well i cannot get this to work whatsoever.
whats odd is that even through the 2x fields arent clickable, the windows auth (for communicator) works fine.
0
 
LVL 39

Expert Comment

by:footech
ID: 40594122
I would check to make sure the ShoreTel server's membership to the domain is healthy (secure channel isn't broken).  I don't know if this would affect anything else.

Check your firewalls.  TCP 389 needs to be allowed.
I would start a network capture at the ShoreTel machine with traffic to/from the DCs, then try a "Show from AD" and see if the traffic is getting through.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40598107
Right, so wireshark is showing a bind success...
must be something else stopping the 2x buttons from showing...
0
 
LVL 39

Expert Comment

by:footech
ID: 40598972
I just double-checked something.  It does look like when I log in as an admin user which is just a user defined in ShoreTel Director (not AD), that the AD buttons are grayed out.  I could swear I remember this working but honestly it's been so long since I used that account I could be wrong.  Logging in with my AD user allows me to use the buttons.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600251
thats the thing, we now (for whatever reason) do not see the active directory option (on the right of the login page)
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600475
woudl you be able to send me your iis authentication method screren, as per http://customers.btxchange.com/Manuals/ShoreTel/ShoreTel%20Active%20Directory%20Integration.pdf

thansk
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600477
edit, think ive fixed it
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40601364
My authentication settings are the same as in the document.  All disabled except Windows Integrated.
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 40602666
mine wasnt!  i have anonymous enabled also.
The IE auth setting was also wrong.

thanks for help.
0
 
LVL 39

Expert Comment

by:footech
ID: 40603712
Glad you got it worked out.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question