Failed to configure domain authentication (domain unreachable)

Hello,

I'm trying to configure Domain Authentication on Devolutions Server, but something goes wrong and I don't understand what.
I checked that the machine can reach the LDAP server without problem through the LDAPS port 636. The "Test connection" button gives a positive outcome, it says it connects successfully. If I go to Advanced Settings I can browse the Domain container on the server, so that's the ultimate proof the connection has been established. But when I try to save it says (I'll refer to my server as "*****.abcd.it" for privacy reasons):

Domain unreachable. The server may be down. Domain: '*****.abcd.it'; Domain controller: '(unkown)'.

From the logs:

ActiveDirectoryObjectNotFoundException - The specified domain does not exist or cannot be contacted. *****.abcd.it
  at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
  at Devolutions.Server.ActiveDirectory.Microsoft.MsActiveDirectoryManager.GetDomainWithDomainName()


DomainUnreachableException - Domain unreachable. The server may be down. Domain: '*****.abcd.it'; Domain controller: '(unkown)'.
  at Devolutions.Server.ActiveDirectory.Microsoft.MsActiveDirectoryManager.GetDomain()
  at Devolutions.Server.ActiveDirectory.Microsoft.DomainControllersResolver.GetDomainControllers()
  at Devolutions.Server.ActiveDirectory.Microsoft.MsActiveDirectoryManager.GetDomainControllers()
  at Devolutions.Server.Controllers.APIControllers.ActiveDirectory.ActiveDirectoryConfigurationController.<>c__DisplayClass8_0.<GetDomainControllers>b__1()
  at Devolutions.Server.Controllers.APIControllers.ActiveDirectory.BaseActiveDirectoryController.ManageActiveDirectoryResponseMultipleDataEntity[T](IActiveDirectory activeDirectoryManager, Func`1 activeDirectoryFunction)



I really don't know what else to do, everything seems correctly set.
Tell me if you need more details or if there is a way to send you some "diagnostic reports".

Thank you.

All Comments (9)

Hello,

What DVLS version are you using?

Is the machine where DVLS is hosted connected to the domain?

Have you tried setting a preferred domain controller in the Advanced Settings?

Best regards,

Érica Poirier

Hello Erica,

I'm using the version 2023.2.3.0

The machine where DVLS is hosted is not connected to the domain, and it's my will to keep it standalone.

I've tried to set a preferred domain controller in the Advanced Settings, but even if I select the correct entity from browsing the domain controllers, the distinguished name is properly set, but no domain controllers appear in the "Preferred domain controller" drop-down menu.

Thank you for your help.

Hello Simone,

Thank you for the information.

Could you please open a ticket at service@devolutions.net and I will send you a link to book a support session to investigate this problem.

Best regards,

Érica Poirier

Thank you Erica, I just contacted the support team.

Hello Simone,

Thank you for your patience.

So the missing part of the configuration is to allow Kerberos to go through your firewall. The port 88 UDP/TCP should be opened on your firewall.

Let us know if that helps.

Best regards,

Érica Poirier
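
One way to check, from the DVLS host, the situation this answer describes (LDAPS reachable, Kerberos blocked). This is an added example, not part of the thread and not Devolutions tooling; the `-DomainController` parameter and the `Test-TcpPort` helper are names assumed here.

```powershell
# Added example: run on the DVLS host. -DomainController is a placeholder
# parameter for your DC's FQDN; the thread does not name one.
param(
    [Parameter(Mandatory)] [string] $DomainController,
    [int] $TimeoutMs = 3000
)

# Ports named in the thread: LDAPS 636 (reachable for the poster) and Kerberos 88.
$ports = [ordered]@{ LDAPS = 636; Kerberos = 88 }

function Test-TcpPort {
    param([string] $HostName, [int] $Port, [int] $TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout, typical of a firewall silently dropping packets.
        if (-not $task.Wait($TimeoutMs)) { return 'Timeout' }
        return 'Open'
    } catch {
        # Refused or reset connection, or a name that does not resolve.
        return 'Failed'
    } finally {
        $client.Close()
    }
}

$results = foreach ($name in $ports.Keys) {
    [pscustomobject]@{
        Service = $name
        Port    = $ports[$name]
        Tcp     = Test-TcpPort -HostName $DomainController -Port $ports[$name] -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table -AutoSize | Out-String | Write-Host

$ldaps = ($results | Where-Object Service -eq 'LDAPS').Tcp
$krb   = ($results | Where-Object Service -eq 'Kerberos').Tcp
if ($ldaps -eq 'Open' -and $krb -ne 'Open') {
    Write-Warning "LDAPS (636) is reachable but Kerberos (88/TCP) is not. Allow 88 TCP and UDP from this host to the domain controller."
}
# A TCP connect cannot prove that 88/UDP is allowed; confirm that rule on the firewall itself.
```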

Hello Erica,

Is there documentation of the firewall ports to be opened?

Regards,
Pierre

Hello Pierre,

You can refer to this documentation: https://docs.devolutions.net/kb/devolutions-server/knowledge-base/ports-firewalls/

Best regards,

Richard Boisvert

Hello Richard,

Is there more detailed documentation? There are basic ports that are not in that documentation (e.g. SMTP, Kerberos, Syslog). Are there any other ports to open? Are there any ports between 2 DVLS servers separated by a firewall? What are the ports related to the scheduler, etc.?

Regards,

Hello Pierre,

Thank you for your feedback.

When more than one DVLS is connected to the same SQL database, they won't communicate together. DVLS only interacts with the SQL database on default port 1433, unless configured differently, as mentioned in the article Richard provided.

The Scheduler also interacts with the database, it uses the same port as DVLS. If you use the PAM feature, then it will use the dedicated ports of the PAM provider.

Finally, if Gateway is configured, you will find the information in the "A closer look at Devolutions Gateway" blog article.

Let us know if you have further questions.

Best regards,

Érica Poirier