Troubleshooting Microsoft AD Spoke Authentication/Connections Issues - Support and Troubleshooting

Troubleshooting Microsoft AD Spoke Authentication/Connections Issues Instructions Setup Microsoft AD Spoke

Prerequisites:

MID server should setup and configured. Ensure that MID server is configured, up and running. Account with required permissions. For more information on permissions, see KB0829224 .

Navigate to Credentials & Connections > Connection & Credential Aliases . Open the AD record. From the Connections tab, click New .

On the form, fill in the fields: Field

Description

Name

Unique name to identify the connection. For example, Microsoft AD Connection.

Credential

Credential record associated with the connection.

Connection alias

Connection alias associated with the connection. The connection alias is auto-populated to “sn_ad_spoke.AD”.

Host

Name of the host. The value must be “ IP Address / FQDN of the domain controller ”. Note: Hosts that are load balancers are not tested and may not be supported.

Use MID server

Option to enable of use of MID server.

MID Selection

Option to use the mode of selection for the MID server.

MID Application

Option to select the application type for the MID server.

Note: Make sure that the associated credential record is of the Windows type.

The spoke setup is complete.

Troubleshooting:

Use Lookup User or Lookup Group actions to verify the spoke setup. If you use Test Credentials in the credential record, you may have to add the account to domain admins separately.

2. If Lookup User or Lookup Group executes successfully but any other action fails with authentication error,

SEVERE *** ERROR *** Authentication failure with the user

SEVERE *** ERROR *** Failed while executing xxx.ps1 (Access denied) then most likely the account specified in the credential record does not have enough permissions to perform the operation. To find the root cause of the issue, try running the action with the domain admin account. If the action runs without any issues, the error may be because of permission issues. You can also verify if the error is caused by permissions, by manually performing the operation in the AD environment or running the Powershell script to perform the operation. For more information on how to verify, refer KB0955440

If “Server not operational” error is displayed for any of the actions, the error may have occurred because of an invalid host. Make sure that the correct domain controller is specified in the host field.

For more information about multi-domain architecture, refer KB0862295

For more information about permission issues, refer KB0829224