Solved

Shoretel AD Integration

Posted on 2015-01-29
18
739 Views
Last Modified: 2015-02-11
Hello,
We had this working fine but something has clearly changed. We think Director was upgraded to 18.62.7800.0, which has broken AD integration.
I've re-read all the documents out there and tried the IIS fix, etc.
Before we just used LDAP://servername which worked fine and we can see and click show/sync buttons. They now are greyed out.
Ideas/suggestions?
Thanks
Question by:CHI-LTD
18 Comments
 
LVL 40

Expert Comment

by:footech
ID: 40578802
I'm using Build 19.41.5003.0.  I've got my LDAP string set to something like
LDAP://server.domain.com/OU=Users,OU=Org,DC=domain,DC=com
Haven't experienced any issues during, before or after any upgrades.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579330
Are you using a Windows account in the Users OU with permission?
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40579344
And are you native 2008 R2?
0
 
LVL 40

Expert Comment

by:footech
ID: 40580078
Using a Windows account for what?

Yes, we are 2008 R2 DFL and FFL.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583508
To make the connection from Director to AD.
0
 
LVL 40

Expert Comment

by:footech
ID: 40583615
Unless I'm completely forgetting something, there is no account/setting for this purpose.

If you think there is, please point out exactly where this is set.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40583691
So we have a Windows account (in our case) called 'shoreteldirector', which is also a manually created account in Director with the same name.  We have logged into Director and Windows with this account in order to enter the string LDAP path.
We also have delegated the director computer account the 2x domain controllers...
0
 
LVL 40

Expert Comment

by:footech
ID: 40584395
It doesn't matter what account(s) you specify as having administrator permissions in ShoreTel Director.  They can be either AD users or not.  We have both types in our setup.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40593668
Okay.  Well, I cannot get this to work whatsoever.
What's odd is that even though the 2x fields aren't clickable, the Windows auth (for Communicator) works fine.
0
 
LVL 40

Expert Comment

by:footech
ID: 40594122
I would check to make sure the ShoreTel server's membership to the domain is healthy (secure channel isn't broken).  I don't know if this would affect anything else.

Check your firewalls.  TCP 389 needs to be allowed.
I would start a network capture at the ShoreTel machine with traffic to/from the DCs, then try a "Show from AD" and see if the traffic is getting through.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40598107
Right, so Wireshark is showing a bind success...
Must be something else stopping the 2x buttons from showing...
0
 
LVL 40

Expert Comment

by:footech
ID: 40598972
I just double-checked something.  It does look like when I log in as an admin user which is just a user defined in ShoreTel Director (not AD), that the AD buttons are grayed out.  I could swear I remember this working but honestly it's been so long since I used that account I could be wrong.  Logging in with my AD user allows me to use the buttons.
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600251
That's the thing, we now (for whatever reason) do not see the Active Directory option (on the right of the login page).
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600475
Would you be able to send me your IIS authentication method screen, as per http://customers.btxchange.com/Manuals/ShoreTel/ShoreTel%20Active%20Directory%20Integration.pdf

Thanks
0
 
LVL 1

Author Comment

by:CHI-LTD
ID: 40600477
Edit: think I've fixed it.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40601364
My authentication settings are the same as in the document.  All disabled except Windows Integrated.
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 40602666
Mine wasn't!  I have anonymous enabled also.
The IE auth setting was also wrong.

Thanks for help.
0
 
LVL 40

Expert Comment

by:footech
ID: 40603712
Glad you got it worked out.
0
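
The checks this thread worked through (domain secure channel, TCP 389 to the domain controllers, and the IIS authentication methods from the accepted solution), gathered into one read-only script. This is an added example, not part of the original posts or of ShoreTel's documentation; the domain controller names and the IIS site/application path are placeholders to replace with your own, and only the anonymous, basic, digest and Windows methods are checked.

```powershell
# Added example: read-only checks, run from an elevated prompt on the Director server.
# Placeholders (assumptions, not values from the thread): replace before running.
$DomainControllers = @('dc1.example.com', 'dc2.example.com')
$IisLocation       = 'Default Web Site/<director-app>'

# 1. Domain membership: is the machine's secure channel to the domain intact?
$secureChannel = Test-ComputerSecureChannel
"Secure channel healthy: $secureChannel"

# 2. Firewall: can this server open TCP 389 (LDAP) to each domain controller?
foreach ($dc in $DomainControllers) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($dc, 389, $null, $null)
        # Wait up to 3 seconds, then confirm the socket really connected.
        $open = $pending.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
    } catch {
        $open = $false
    } finally {
        $client.Close()
    }
    "{0}: TCP 389 reachable = {1}" -f $dc, $open
}

# 3. IIS authentication: the accepted solution has everything disabled
#    except Windows Integrated, so anonymous being enabled is a mismatch.
Import-Module WebAdministration
$expected = @{
    anonymousAuthentication = $false
    basicAuthentication     = $false
    digestAuthentication    = $false
    windowsAuthentication   = $true
}
foreach ($name in $expected.Keys) {
    $prop = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $IisLocation `
        -Filter "system.webServer/security/authentication/$name" -Name enabled `
        -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        "{0}: could not be read (check the site path)" -f $name
        continue
    }
    $actual = [bool]$prop.Value
    $state  = if ($actual -eq $expected[$name]) { 'OK' } else { 'MISMATCH' }
    "{0}: enabled = {1} [{2}]" -f $name, $actual, $state
}
```

The script changes nothing; a `MISMATCH` on `anonymousAuthentication` corresponds to the misconfiguration the question author reported in the closing comment.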


Question has a verified solution.
