cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

We are happy to announce the new Windchill Customization board! Learn more.

Cannot connect to Active Directory during install of WIndchill 9.1

gchampoux
1-Newbie

Cannot connect to Active Directory during install of WIndchill 9.1

I'm doing another Windchill Intralink 9.1 install in a secure area, that is off of our main network.
As you may know, Active Directory can be configure during the install in 9.1.
This worked fine on our main network.
I am attempting to repeat this (virtually verbatim) in the secure area, which has its' own AD server.
However, the installer fails to connect to AD, and refuses to proceed.


Unforunately, the error message is overly general.
It says that one of the following is incorrect:



  • AD server name

  • Port (tried both 389 & 3268)

  • User credentials (bind as user) - used same as the user that is installing.

  • Base Distinguished Name for Enterprise Users
    On our main network, this is dc=privnet,dc=williams-int,dc=com

How can I narrow down where the problem resides?
Are there commands I can enter (DOS windopw) to test the AD connection?


Gerry

8 REPLIES 8

Gerry,

Somethings you might want to check,

1. From your Windchill server try this command 'telnet <ad_server hostname=">
389' (3268 also)'
This way you can be sure if Windchill server is actually allowed to
connect to AD server on these ports. If not, your IT guys can fix the port
issue for you.

2. If step#1 is a success. Then open Windchill DS/Aphelion and try to
connect to AD server using the Bind Credentials.



Rohan Kalbhor
Email:-
<http://plmdays.blogspot.com">http://rohankalbhor.blogspot.com>http://plmdays.blogspot.com



On Mon, Oct 17, 2011 at 11:43 PM, Gerry Champoux <-<br/>> wrote:

> I'm doing another Windchill Intralink 9.1 install in a secure area, that is
> off of our main network.
> As you may know, Active Directory can be configure during the install in
> 9.1.
> This worked fine on our main network.
> I am attempting to repeat this (virtually verbatim) in the secure area,
> which has its' own AD server.
> However, the installer fails to connect to AD, and refuses to proceed.
>
> Unforunately, the error message is overly general.
> It says that one of the following is incorrect:
>
> - AD server name
> - Port (tried both 389 & 3268)
> - User credentials (bind as user) - used same as the user that is
> installing.
> - Base Distinguished Name for Enterprise Users
> On our main network, this is dc=williams-int,dc=com
> For the secure area, it is dc=privnet,dc=williams-int,dc=com
>
> How can I narrow down where the problem resides?
> Are there commands I can enter (DOS windopw) to test the AD connection?
>
> Gerry
>

To add, if 389/3268 both don't work, you could check with IT if AD is
configured to another port.

Thanks,
Rohan Kalbhor
Email:-

The telnet commands were successful for both ports.

However, I cannot proceed to step 2 below because nothing is yet installed, inlcluding WindchillDS.
This AD issue is happening during the early stages of the install where options/settings are defined.

As a test, we also ran the installer, and purposefully enterred wrong credentials to see what would happen.
We got different messages.
So, we beleive that the credentials are working, and are not the issue.

I've submitted this to PTC as well.
It will be interesting to see who solves this first: PTC or the Exploder. <grin>

Gerry

In Reply to Roan Kal:


Gerry,

Somethings you might want to check,

1. From your Windchill server try this command 'telnet <ad_server hostname=">
389' (3268 also)'
This way you can be sure if Windchill server is actually allowed to
connect to AD server on these ports. If not, your IT guys can fix the port
issue for you.

2. If step#1 is a success. Then open Windchill DS/Aphelion and try to
connect to AD server using the Bind Credentials.



Rohan Kalbhor
Email:-
<



@On Mon, Oct 17, 2011 at 11:43 PM, Gerry Champoux <-<br/>> wrote:

> I'm doing another Windchill Intralink 9.1 install in a secure area, that is
> off of our main network.
> As you may know, Active Directory can be configure during the install in
> 9.1.
> This worked fine on our main network.
> I am attempting to repeat this (virtually verbatim) in the secure area,
> which has its' own AD server.
> However, the installer fails to connect to AD, and refuses to proceed.
>
> Unforunately, the error message is overly general.
> It says that one of the following is incorrect:
>
> - AD server name
> - Port (tried both 389 & 3268)
> - User credentials (bind as user) - used same as the user that is
> installing.
> - Base Distinguished Name for Enterprise Users
> On our main network, this is dc=williams-int,dc=com
> For the secure area, it is dc=privnet,dc=williams-int,dc=com
>
> How can I narrow down where the problem resides?
> Are there commands I can enter (DOS windopw) to test the AD connection?
>
> Gerry

Gerry,



Is it possible that the password for your credential has a weird character?



I ran into this last year when trying to install 9.1. The PSI had some
independent code that didn't allow some special characters in a password,
even though AD allowed it. I think the password I was trying to use had a
"$" somewhere in it.



PTC's answer at the time was to use another account or change the password.
I couldn't do either. So, I had to install without AD configured in the PSI
and connect to AD as a post-install task. This issue cost me days.



Hope it helps,



-pat


When we set up the account, we considered that this could be a potential issue.
Its' password only has alpha and numeric characters.

In Reply to Pat Custodio:


Gerry,

Is it possible that the password for your credential has a weird character?

I ran into this last year when trying to install 9.1. The PSI had some
independent code that didn't allow some special characters in a password,
even though AD allowed it. I think the password I was trying to use had a
"$" somewhere in it.

PTC's answer at the time was to use another account or change the password.
I couldn't do either. So, I had to install without AD configured in the PSI
and connect to AD as a post-install task. This issue cost me days.

Hope it helps,

-pat

Pat/Gerry,

I had sort of the same problem with PSI when installing an additional
package into an existing system. The Oracle user password for Windchill
contained an ! character, and when entered into PSI it would NOT
validate username until I changed the password and removed the !
character.

Mike


Just to elaborte: All the passwords used in installing Windchill are simple alpha-numeric.



Gerry



In Reply to Gerry Champoux:



When we set up the account, we considered that this could be a potential issue.
Its' password only has alpha and numeric characters.

In Reply to Pat Custodio:


Gerry,

Is it possible that the password for your credential has a weird character?

I ran into this last year when trying to install 9.1. The PSI had some
independent code that didn't allow some special characters in a password,
even though AD allowed it. I think the password I was trying to use had a
"$" somewhere in it.

PTC's answer at the time was to use another account or change the password.
I couldn't do either. So, I had to install without AD configured in the PSI
and connect to AD as a post-install task. This issue cost me days.

Hope it helps,

-pat

I had a similar password issue with the ProductView auth.properties file. I had an @ in the password. I was banging my head against the wall until I noticed in the log files that the password had @@ not @. The system was doubling the special character. Removing all special characters from the password solved the problem.

Just as an aside, the following log files contain the password that is in the auth.properties file. Some can be viewed in the browser by an admin.

· PROEqueue.log

· StatusMessages.log

· *.log in logs\cadagent\<workermachine name=">-<workername>

· Agent.ini <-- contains the ftp username & password

· Worker_*.log

David Haigh
Top Tags