Attempt to import OUs from Active Directory by LDAP results in "Server failed to connect with target directory server."
Last Updated December 04, 2017
Organizational Units (OUs) cannot be imported from Active Directory (AD) into the Symantec Endpoint Protection Manager (SEPM) through the Lightweight Directory Access Protocol (LDAP).
The following errors can be observed when encountering this issue:
"AD URL is malformed" (This error occurs when adding the AD Domain Controller (DC) under SEPM server properties; however, the option to continue and add the DC anyway is still available.)
"Server failed to connect with target directory server." (This error will occur when attempting to import OUs as client groups into the SEPM console.)
This can occur when the SEPM console is unable to authenticate with the AD server. The authentication failure can occur when the AD server's local security policy is set to "Require Signing" for the LDAP server signing requirements.
In order to resolve this issue, the LDAP server signing requirements must be set to "None".
Edit the Local Security Settings for LDAP on an AD server that is also a Domain Controller (DC).
Click Start > Programs > Administrative Tools > Group Policy Management.
Expand Domain Controllers, then right-click on the Default Domain Controllers Policy and select Edit.
In the Group Policy Management Editor, expand Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
Right-click on Domain Controller: LDAP server signing requirements.
Select Properties and change the setting from "Require Signing" to "None".
Click Start > Run.
In the Run dialog box, type gpupdate /force and click OK.
Edit the Local Security Settings for LDAP on an AD server that is not a DC.
Click Start > Run.
In the Run dialog box, type gpedit.msc.
When the "Group Policy Object Editor" window opens, expand Windows Settings > Security Settings > Local Policies, then select Security Options.
Locate "Domain Controller: LDAP server signing requirements" and, if the selection is set to "Require Signing", change it to "None".
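To confirm the setting that is actually in effect before and after the change, the following added example (not part of the original Symantec article) reads the registry value behind the policy and lists the Directory Service events that Windows logs for unsigned LDAP binds. The function names and the ClientAddress parameter (intended for the SEPM server's IP address) are assumptions made for this example.

```powershell
# Added example: read-only checks, run in an elevated PowerShell session on the AD server.
# Registry value that backs "Domain controller: LDAP server signing requirements".
$NtdsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'LDAPServerIntegrity'

function Get-LdapServerSigning {
    # Hypothetical helper name. Returns the effective setting as text.
    $item = Get-ItemProperty -Path $NtdsKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not configured' }   # key or value absent
    switch ([int]$item.$ValueName) {
        1       { return 'None' }
        2       { return 'Require signing' }
        default { return "Unknown ($($item.$ValueName))" }
    }
}

function Get-LdapSigningEvents {
    # Hypothetical helper name. $ClientAddress is an assumption: the SEPM server's IPv4 address.
    param([int]$Hours = 48, [string]$ClientAddress)
    # 2887: daily summary of binds accepted without signing
    # 2888: daily summary of binds rejected because signing is required
    # 2889: per-client record of an unsigned bind
    #       (only logged with LDAP Interface Events diagnostics at level 2 or higher)
    $filter = @{
        LogName   = 'Directory Service'
        Id        = 2887, 2888, 2889
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    try   { $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop }
    catch { $events = @() }   # no matching events, or no Directory Service log on this machine
    foreach ($e in $events) {
        # For 2889 the first property is the client "IP:port"; summary events carry no client.
        $client = if ($e.Id -eq 2889) { [string]$e.Properties[0].Value } else { '' }
        if ($ClientAddress -and $e.Id -eq 2889 -and
            -not $client.StartsWith("${ClientAddress}:")) { continue }
        [pscustomobject]@{ Time = $e.TimeCreated; Id = $e.Id; Client = $client }
    }
}

"LDAP server signing: $(Get-LdapServerSigning)"
Get-LdapSigningEvents | Sort-Object Time | Format-Table -AutoSize
```

A result of "Require signing" together with event 2888 entries matches the cause described above; after gpupdate /force the first line should read "None".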
Imported Document ID: TECH104570