[cisco-voip] CCM - AD Intergration

Kevin Thorngren kevint at cisco.com
Thu Feb 3 06:57:15 EST 2005 

Hi Martin,

The name of the account used to access the directory doesn't matter.   
If the search works for one account but not another then there must  
still be some permissions issue with the other account you are using.   
You will get more details of the problem by capturing a packet capture  
of the search.  You can use Network Monitor that is installed on the  
CallManager you are searching from then filter on LDAP packets.  It  
should be clear as to where the issue is, unlike the dcdsrvr logs.

Thanks,
Kevin
On Feb 3, 2005, at 5:41 AM, Martin Lohnert wrote:

> Hi All,
> Has anyone experienced issues with CCM integrated with Active
> Directory, using a different than 'Administrator' account ? We running
> ccm3.3.3sr4a integrated to win2000 AD for over a year, and decided to
> change the account it uses. Created a copy of the Administrator
> account (same group memberships etc) with a different name, reverted
> the integration back to DC directory (successfully) and then
> integrated with AD again, using this new account.
> The problem is, directory search from ccmadmin pages takes a very long
> time and returnes an error, eventhough users were able to login to
> ccmuser page and we were able to acces the admin pages... dcdirectory
> log show the following:
> ----------------------------------------------------------------------- 
> ---------------------------------
>  DIRUSER CONNECTED TO ldap://<our_domain_controllers_fqdn>:389
> **************************
> 218: Feb 02 22:35:12.929 GMT+000 %UserPreference-6-UNK:Returning.
> ldapURLIndex :0 currURLIndex: 0
> 219: Feb 02 22:35:39.555 GMT+000 %UserPreference-6-UNK:Inside  
> MakeConenction
> 220: Feb 02 22:35:39.555 GMT+000 %UserPreference-6-UNK:currURLIndex :0
> 221: Feb 02 22:35:39.555 GMT+000 %UserPreference-6-UNK:ldapURLIndex :0
> 222: Feb 02 22:35:44.727 GMT+000  
> %UserPreference-6-UNK:*********************
>  DIRUSER CONNECTED TO ldap://<our_domain_controllers_fqdn>:389
> **************************
> 223: Feb 02 22:35:44.727 GMT+000 %UserPreference-6-UNK:Returning.
> ldapURLIndex :0 currURLIndex: 0
> 224: Feb 02 22:36:06.352 GMT+000 %UserPreference-3-UNK:Could not
> connect to LDAP Server
>
> 225: Feb 02 22:36:06.352 GMT+000
> %UserPreference-3-UNK:com.ms.com.ComFailException: -1101
> 	at DirUser/DirUser.getAllUserInfo
> ----------------------------------------------------------------------- 
> ---------------------------------------------
>
> When we tried running ldif queries against the same DC using the same
> account, we get correct results. After some troubleshooting, we
> reverted back to using 'Administrator' account and everything works
> fine again... I couldn't find anywhere in the docs if using a
> different account is even supported.
>
> Thanks for any suggestions
> ML
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>

More information about the cisco-voip mailing list