Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » LDAPS: Schema extensions have not found on LDAP server
  •  
Nizo

Messages: 7
Karma: 0
Send a private message to this user
Hi,

I've 4 DC's 3 2k8 64Bit and 2k3 32Bit. DC1 is the schema Master and it's 2k8 64Bit, DC-mail is also 2k8 64Bit, the 2k3 is DC as File-server.

Since the last update of kerio-connect-7.1.3-2461-win32, i get always this error when i try to connect the 3 DC's 2k8 64 Bit "LDAPS: Schema extensions have not found on LDAP server", if the connection with "Secure connection(LDAPS) or not.

I've un-install the kerio-connect-kade-7.1.3-2461-win64 from all 3 2k8 Server and install it again. But still always the same.

When i set the Directory Server as 2k3, i mean the ip address of the 2k3 Server where the KADE 32Bit installed on it, i get connection successfully.

I want to use my DC-Mail as in the past to be the Directory Server. So if there will be any trouble on the 2k3 Fileserver, the DC-Mail will not work also because of LDAP Server and User Mapp List.

Can anyone help me please to solve this problem? Till now the Kerio-Support could not help me to fix it.

Thanks in advanced for your help.

Nizo
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
It should be easy to troubleshoot. Download Wireshark to get a network packet dump. Click on "Test" button in domain settings and gather LDAP (not LDAPS!) network dump. The dump will tell us why the W2k8 domain servers are sending different response than Windows 2003.

[Updated on: Fri, 14 January 2011 11:25]

  •  
Nizo

Messages: 7
Karma: 0
Send a private message to this user
Thanks a lot for your replay.

I can't upload the file, the size is about 1.7 MB. Sad
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
This forum is not providing technical support. Submit a ticket at http://support.kerio.com and attach the file to the ticket.

[Updated on: Fri, 14 January 2011 19:28]

  •  
Nizo

Messages: 7
Karma: 0
Send a private message to this user
Thanks a lot, done Smile
  •  
Nizo

Messages: 7
Karma: 0
Send a private message to this user
Hello,

i've installed an Kerio-VM 2k8 64Bit as extra DC and Kerio Connect too. This system works fine and can also map the user liste from itself.

1- The new OS Kerio-VM 2k8 64Bit has this Ip = 192.168.0.236 and act as DC, kerio connect is installed. I can use this DC as a Directory Server for Kerio, and the connection to the LDAP Server on it is succssuflly.

2- The original Kerio Connect server has this IP= 192.168.0.232 act also as DC and it's 2k8 64Bit. From this server i can use the Kerio-VM DC 0.236 as Directroy Server and it works fine, because it get the user liste from Kerio-VM DC.

3- When i try the connection from Kerio-VM to anyone of the other 3 2k8 DC to test the connection as a directory server, the test is faild with the same error "LDAPS: Schema extensions have not found on LDAP server"

Maybe this well help to help me.

Why i can't establisch any connection to these 3 DCs Sad Sad

How works Kerio? With certification? The certification are there and the test connection from IP= 192.168.0.232 (Origin Kerio) to the Kerio-VM can be establisched.

Thanks a lot for your help in advanced.

  •  
Nizo

Messages: 7
Karma: 0
Send a private message to this user
I've tried to do Wireshark and found these:-

The VMKerio server is 192.168.0.236 and the 2k8DC is 192.168.0.232

When itry to use 192.168.0.232 as A Directory Service, i get the Schema Error and it's the same also too the other 2 DC's.

No. Time Source Destination Protocol Info
576 6.296663000 192.168.0.232 192.168.0.236 LDAP searchResDone(3) operationsError (000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772) [0 results]


See File please.

[Updated on: Tue, 18 January 2011 16:07]

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Do you have a *complete* network packet dump? It's clear that there is no authentication on W2k8 server. I'm missing the error about failed authentication.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Also, what does the Event log say on W2k8 servers? I guess it should log some error as well.
  •  
Nizo

Messages: 7
Karma: 0
Send a private message to this user
Sorry, there is no log on the 2k8server.

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
I'm sorry but I didn't get what this screenshot is supposed to say. It contains headers from IP packet, which is not helpful at all.

I need to see the whole wireshark dump and all packets to be able to help.
  •  
Nizo

Messages: 7
Karma: 0
Send a private message to this user
Do you need it with LDAP or with LPADS?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Nizo wrote on Wed, 19 January 2011 11:44
Do you need it with LDAP or with LPADS?


As I already mentioned in the first response, we need LDAP. LDAPS is useless due to encryption.
Previous Topic: Outlook 2010 crashes with KOFF
Next Topic: Howto configure eTask?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 23 09:40:11 CEST 2017

Total time taken to generate the page: 0.00547 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.