You won't have TLS settings until you have the firmware updated, same for the Network trace feature.
We don't have the TLS settings? Would they be somewhere else? We also don't have the Network Troubleshooting Logs option.
We validated NTP and that isn't an issue.
Update the firmware on one that does work and one that doesn't (see attached).
Enable network trace and try the LDAP, then compare failed and successful in Wireshark.
CWIS > Properties > Security > Logs > Network troubleshooting
Things that will cause LDAPS to fail:
Time off by more than 3 minutes
Not having HTTPS enabled on the MFP
TLS Settings
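To separate the "TLS Settings" cause above from a plain network problem, the following added example (not part of the original thread and not Xerox tooling) pins an LDAPS handshake to one TLS version at a time against each domain controller and flags DCs that answer on 636 but accept none of the versions the device can offer. The DC names, the version list and the sample results are assumptions; run it from a host on the same subnet as the affected device.

```python
import socket
import ssl

VERSIONS = {  # label -> version to pin the handshake to (assumed list)
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def probe(host, version, port=636, timeout=5.0):
    """Try one LDAPS handshake pinned to a single TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # mirror the devices in the thread, which
    ctx.verify_mode = ssl.CERT_NONE  # do not validate the LDAPS certificate
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLError as exc:      # TCP connected, handshake refused
        # A modern local OpenSSL may itself refuse 1.0/1.1; read those with care.
        return f"tls-fail: {getattr(exc, 'reason', None) or exc}"
    except OSError as exc:           # refused, unreachable, timed out
        return f"net-fail: {exc}"

def scan(dcs):
    """Build {dc: {label: result}} by probing every DC with every version."""
    return {dc: {n: probe(dc, v) for n, v in VERSIONS.items()} for dc in dcs}

def tls_mismatch(matrix, device_versions):
    """DCs reachable on 636 that complete no handshake the device can offer."""
    bad = []
    for dc, results in matrix.items():
        reachable = not all(r.startswith("net-fail") for r in results.values())
        usable = any(results.get(v) == "ok" for v in device_versions)
        if reachable and not usable:
            bad.append(dc)
    return sorted(bad)

# Constructed sample results with placeholder DC names (not data from the thread).
SAMPLE = {
    "dc-a.example": {"TLSv1.0": "tls-fail: X", "TLSv1.1": "tls-fail: X", "TLSv1.2": "ok"},
    "dc-b.example": {"TLSv1.0": "ok", "TLSv1.1": "ok", "TLSv1.2": "ok"},
    "dc-c.example": {v: "net-fail: timed out" for v in VERSIONS},
}

if __name__ == "__main__":
    print(tls_mismatch(SAMPLE, ["TLSv1.0"]))  # replace SAMPLE with scan([...])
```

A DC listed by `tls_mismatch` points at TLS version settings on one side or the other; a DC with only `net-fail` results points at routing or firewalling instead.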
I have 5 Xerox WorkCentre 5955s located in 4 offices around the state. In one of those offices, I also have an AltaLink B8055. We recently moved to LDAPS, however some of the copiers will not find a domain controller and we can't figure out why. 2 of the 5 work fine (and, oddly, those 2 are in the same office). The AltaLink works fine and has the same configuration, but is in the same office as one of the non-functional WorkCentres. The AltaLink is in Site1 (10 subnet), the 2 working WorkCentres are in Site2 (20 subnet), and the others are in sites 3 (30 subnet) and 4 (40 subnet). We have DCs in each site (matching third octet) but also DCs at our HQ (50 subnet). I'll indicate the failed binds to a DC with -, and a successful bind with a +.
So we don't think it's the network at a site because the working ones are able to bind out of network and other copiers on the "non-working" sites bind successfully. We can't correlate firmware, we can't correlate against a specific DC. The accounts are all the same and we're not validating the LDAPS certificate. I CAN make the "broken" ones work by pointing them at port 389 instead of 636; however, even after selecting SSL for LDAP, the domain controller registers an insecure LDAP bind.
We are stumped. Any thoughts or troubleshooting help is appreciated.