Solved

Shoretel AD Integration

Posted on 2015-01-29
Last Modified: 2015-02-11
Hello,
We had this working fine but something has clearly changed. We think Director was upgraded to 18.62.7800.0, which has broken AD integration.
I've re-read all the documents out there and tried the IIS fix, etc.
Before we just used LDAP://servername which worked fine and we can see and click show/sync buttons. They now are greyed out.
Ideas/suggestions?
Thanks
Question by:CHI-LTD
18 Comments
 
LVL 40

Expert Comment

by:footech
ID: 40578802
I'm using Build 19.41.5003.0.  I've got my LDAP string set to something like
LDAP://server.domain.com/OU=Users,OU=Org,DC=domain,DC=com
Haven't experienced any issues during, before or after any upgrades.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579330
Are you using a Windows account in the Users OU with permission?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579344
And are you native 2008 R2?
0
 
LVL 40

Expert Comment

by:footech
ID: 40580078
Using a Windows account for what?

Yes, we are 2008 R2 DFL and FFL.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583508
To make the connection from Director to AD.
0
 
LVL 40

Expert Comment

by:footech
ID: 40583615
Unless I'm completely forgetting something, there is no account/setting for this purpose.

If you think there is, please point out exactly where this is set.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583691
So we have a Windows account (in our case) called 'shoreteldirector', which is also a manually created account in Director with the same name.  We have logged into Director and Windows with this account in order to enter the LDAP path string.
We also have delegated the director computer account the 2x domain controllers...
0
 
LVL 40

Expert Comment

by:footech
ID: 40584395
It doesn't matter what account(s) you specify as having administrator permissions in ShoreTel Director.  They can be either AD users or not.  We have both types in our setup.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40593668
Okay.  Well, I cannot get this to work whatsoever.
What's odd is that even though the 2x fields aren't clickable, the Windows auth (for Communicator) works fine.
0
 
LVL 40

Expert Comment

by:footech
ID: 40594122
I would check to make sure the ShoreTel server's membership to the domain is healthy (secure channel isn't broken).  I don't know if this would affect anything else.

Check your firewalls.  TCP 389 needs to be allowed.
I would start a network capture at the ShoreTel machine with traffic to/from the DCs, then try a "Show from AD" and see if the traffic is getting through.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40598107
Right, so Wireshark is showing a bind success...
Must be something else stopping the 2x buttons from showing...
0
 
LVL 40

Expert Comment

by:footech
ID: 40598972
I just double-checked something.  It does look like when I log in as an admin user which is just a user defined in ShoreTel Director (not AD), that the AD buttons are grayed out.  I could swear I remember this working but honestly it's been so long since I used that account I could be wrong.  Logging in with my AD user allows me to use the buttons.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600251
That's the thing, we now (for whatever reason) do not see the Active Directory option (on the right of the login page).
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600475
Would you be able to send me your IIS authentication method screen, as per http://customers.btxchange.com/Manuals/ShoreTel/ShoreTel%20Active%20Directory%20Integration.pdf

Thanks
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600477
Edit: think I've fixed it.
0
 
LVL 40

Accepted Solution

by:
footech earned 2000 total points
ID: 40601364
My authentication settings are the same as in the document.  All disabled except Windows Integrated.
0
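A read-only way to run the checks raised in this thread on the ShoreTel server: the IIS authentication state from the accepted solution, plus the secure-channel and TCP 389 checks suggested earlier. This is an added example, not code posted by either participant; the IIS application path and domain controller name are placeholders to replace with your own.

```powershell
# Added example: read-only checks, nothing is changed on the server.
# Assumptions (not from the thread): $SitePath and $DomainController are placeholders.
Import-Module WebAdministration

$SitePath         = 'Default Web Site/<director-app>'  # placeholder: IIS path of the Director web app
$DomainController = 'dc01.example.com'                 # placeholder: one of your DCs

function Get-AuthEnabled {
    param([string]$Location, [string]$Scheme)
    $filter = "system.webServer/security/authentication/$Scheme"
    # A scheme whose role service is not installed has no section; treat it as disabled.
    $prop = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
                -Filter $filter -Name enabled -ErrorAction SilentlyContinue
    # Depending on the module version this is a plain bool or a ConfigurationAttribute.
    if ($prop -is [bool]) { return $prop }
    return [bool]$prop.Value
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    # TcpClient is used so the check also runs on older servers without Test-NetConnection.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. IIS authentication: expected state is everything disabled except Windows Integrated.
$schemes = 'anonymousAuthentication', 'basicAuthentication', 'digestAuthentication', 'windowsAuthentication'
$state = @{}
foreach ($s in $schemes) { $state[$s] = Get-AuthEnabled -Location $SitePath -Scheme $s }
$state.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

$unexpected = @($schemes | Where-Object { $_ -ne 'windowsAuthentication' -and $state[$_] })
if (-not $state['windowsAuthentication']) { Write-Warning 'Windows Integrated authentication is disabled.' }
if ($unexpected.Count -gt 0) { Write-Warning "Also enabled: $($unexpected -join ', ')" }

# 2. Domain membership: verify the machine's secure channel to the domain.
if (-not (Test-ComputerSecureChannel)) { Write-Warning 'Secure channel to the domain is broken.' }

# 3. Firewall: LDAP on TCP 389 must be reachable from this server.
if (-not (Test-TcpPort -HostName $DomainController -Port 389)) {
    Write-Warning "TCP 389 to $DomainController is not reachable."
}
```

Run it from an elevated PowerShell session on the server that hosts Director; a warning for `anonymousAuthentication` corresponds to the misconfiguration reported in the closing comment.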
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 40602666
Mine wasn't!  I have anonymous enabled also.
The IE auth setting was also wrong.

Thanks for help.
0
 
LVL 40

Expert Comment

by:footech
ID: 40603712
Glad you got it worked out.
0
