Directory Agent cannot connect to the domain controller

Directory Agent must be able to connect to the domain controller to gather user information from the directory service. If there are communication problems between the Directory Agent machine and the domain controller, the hybrid service's user data may become outdated, leading to incorrect filtering.

To troubleshoot this problem:

Make sure that the Directory Agent machine is bound to the domain, and that the firewall permits communication on the directory service port.

 

Port	Used for:
139	NetBIOS communication: Active Directory
389	LDAP communication: Active Directory, Novell eDirectory, Oracle (formerly Sun Java) Directory Server
636	SSL port: Novell eDirectory, Oracle (formerly Sun Java) Directory Server
3268	Active Directory
3269	SSL port: Active Directory

Go to the Settings > General > Directory Services page and verify that your directory service configuration has not changed since you last updated your Directory Agent settings.

Go to the Settings > Hybrid Configuration > Shared User Data page and verify that Directory Agent is attempting to search a valid context (path) for user and group information. To do this:

If you are using Windows Active Directory, click a directory server name or IP address, and then click Test Context. Repeat this process for each global catalog server.

If you are using Oracle (formerly Sun Java) Directory Server or Novell eDirectory, click Test Context.

On the Shared User Data page, also make sure that the context is not only valid, but appropriate. The context should be limited to include only those users and groups filtered by the hybrid service.

Still on the Shared User Data page, make sure that the Directory Search option is set correctly, so that Directory Agent is searching only the relevant portion of your directory service.

Verify that it is possible to connect to the directory service IP address and port from the Directory Agent machine.