LDAP timeout

While Configuring an Active Directory in the agent, you may encounter the following error on the WSTEP tab of the on-premises PKIaaS Virtual Machine.

ErrorDialURL
ldap://<DOMAIN-CONTROLLER>
LDAP Result Code 200 "Network Error": dial tcp dc1.example.com:389: i/o timeout

See below for a list of possible causes and the corresponding solutions.

Domain Controller powered off

The <DOMAIN-CONTROLLER> might be powered off.

Issue resolution: Power on the Domain Controller.

Orphaned Domain Controller

The <DOMAIN-CONTROLLER> Domain Controller mentioned in the error might be orphaned. This might occur if the Domain Controller was accidentally or incorrrectly removed from an Active Directory forest.

Issue resolution: Remove the orphaned Domain Controller as explained in https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/remove-orphaned-domains

Incorrect IP address

The DNS Entry for the <DOMAIN-CONTROLLER> Domain Controller might point to an incorrect IP address. This can occur if:

  • A Domain Controller was erroneously deployed using a DHCP-assigned IP address instead of a static IP address.

  • Mistakes were made while deliberately changing the IP address of a Domain Controller.

Issue resolution:

  1. Check the <DOMAIN-CONTROLLER> DNS entry in the Microsoft DNS manager.

  2. Verify that the IP Address listed is correct.

  3. If the IP address in the Microsoft DNS Manager is correct and differs from the IP address in the logs, another DNS record must be fixed.