• I have been working on implementing the NADI plugin into an organization's WP environment for the past weeks. Whenever I go to verify the connection, I get the “Verification failed! Please check your logfile for further information” error. When I pull the logs, here’s what I see:

    2018-03-12 15:05:40 [ERROR] NextADInt_Ldap_Connection::connect [line 61] Creating adLDAP object failed. Bind to Active Directory failed. Check the login credentials and/or server details. [AD: Can’t contact LDAP server] [AD error code: -1]
    2018-03-12 15:09:55 [INFO] NextADInt_Ldap_Connection::createConfiguration [line 104] LDAP connection is *not* encrypted
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] account_suffix =
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] base_dn = OU=_Users,DC=XXXXX,DC=ORG
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = 173.xxx.xxx.xxx
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 389
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] network_timeout = 5
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_username = [email protected]
    2018-03-12 15:09:55 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_password = *** protected password ***
    2018-03-12 15:10:00 [ERROR] NextADInt_Ldap_Connection::connect [line 61] Creating adLDAP object failed. Bind to Active Directory failed. Check the login credentials and/or server details. [AD: Can’t contact LDAP server] [AD error code: -1]

    When I try on port 44389:
    2018-03-12 15:10:00 [ERROR] NextADInt_Ldap_Connection::connect [line 61] Creating adLDAP object failed. Bind to Active Directory failed. Check the login credentials and/or server details. [AD: Can’t contact LDAP server] [AD error code: -1]
    2018-03-12 15:27:37 [INFO] NextADInt_Ldap_Connection::createConfiguration [line 104] LDAP connection is *not* encrypted
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] account_suffix =
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] base_dn = OU=_Users,DC=XXXXXX,DC=ORG
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] domain_controllers = 173.xxx.xxx.xxx
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_port = 44389
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_tls =
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] use_ssl =
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] network_timeout = 5
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_username = [email protected]
    2018-03-12 15:27:37 [DEBUG] NextADInt_Ldap_Connection::createConfiguration [line 112] ad_password = *** protected password ***
    2018-03-12 15:27:42 [ERROR] NextADInt_Ldap_Connection::connect [line 61] Creating adLDAP object failed. Bind to Active Directory failed. Check the login credentials and/or server details. [AD: Can’t contact LDAP server] [AD error code: -1]

    Here’s what I have checked so far:
    – Made sure traffic from the remote webserver (WP site is hosted with Pantheon) is passing through the firewall to the internal network on port 44389, then being translated to 389. Verified this through Packet Tracer.
    – Verified the Base DN was correct and even tried other variations.
    – Created an incoming rule on the Windows Server (Org’s DC) for port 44389
    – Verified the credentials that I am using to test the connection are correct.

    Is there anything that I am missing? I contacted NADI support and they made a few basic recommendations, but are now stating that they’re happy to charge us for additional support if it is pertaining to our environment.

  • It's really hard to make this connection work. Error codes don’t help, and error -1 is just too broad to know exactly why.

    I'm not sure about your configuration. You must also check that the server is working with the specified information using the LDAP tool of Windows Server. The logs there are much more detailed.

    Thread Starter pnelson

    (@pnelson)

    Juan,

    Thank you for the reply… I have verified the NADI config with their support and the firewall is good to go. When you say LDAP tool, what are you referring to? The server is a DC on the network and isn’t experiencing any issues from an internal perspective. So any tools you can recommend would be great.
    Thank you!

    Plugin Author schakko

    (@schakko)

    Patrick,
    you have verified the incoming TCP packets and I assume they are received by the Active Directory (security event log should contain a login event).
    Did you *also* check that the response packets from the Active Directory have been sent through the firewall? As I can see the TCP connection between WordPress/NADI and Active Directory is open but no response has been received (5 seconds timeout).
    This could be
    – Invalid masquerading configuration for outgoing packets on your firewall
    – MTU mismatch
    – Non-stateless firewall and not allowing to send packets from your internal network to Pantheon. Highly unlikely.

    P.S.: I just want to clarify that the additional charges would only occur if we would detect a misconfiguration in your network environment.

    Thread Starter pnelson

    (@pnelson)

    @schakko

    After doing some digging, I determined that when I click the “verify” button, either the TCP traffic is being dropped at our hosting company's firewall, or something else within their infrastructure is stopping it from exiting out onto the internet. Worst case scenario would be that there’s something wrong with the NADI plugin.

    I have used New Relic to see if the NADI plugin is doing anything at all. It looked to be making calls, but there’s nothing network specific. I opened a ticket with the NOC at Pantheon to hopefully do some testing.

    Any other ideas as to what we can check?

    Plugin Author schakko

    (@schakko)

    Just the usual suspects:
    – SELinux enabled and not allowing httpd to establish network connections
    – some weird PHP settings for network sockets

    Thread Starter pnelson

    (@pnelson)

    @schakko

    SELinux is not being utilized on the host’s end. What do you mean by weird PHP settings for network sockets? Are there any changes that need to be made on the WP side that we may have missed?
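
Added example, not part of the original thread and not NADI code: the log's "Can't contact LDAP server" (-1) does not say whether the TCP handshake failed (traffic dropped before leaving the host, as pnelson suspects) or the handshake completed and the reply never came back (schakko's reading of the 5-second timeout). This Python sketch separates those cases by connecting and sending an anonymous LDAPv3 bind; the function names and result labels are assumptions made for illustration.

```python
import socket
import sys

# LDAPv3 anonymous simple BindRequest, BER-encoded per RFC 4511:
# SEQUENCE { messageID=1, [APPLICATION 0] { version=3, name="", simple="" } }
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def is_bind_response(data):
    """True if data starts an LDAPMessage whose protocolOp is BindResponse (0x61)."""
    if len(data) < 2 or data[0] != 0x30:               # LDAPMessage is a SEQUENCE
        return False
    i = 2 + (data[1] & 0x7F if data[1] & 0x80 else 0)  # skip long-form length bytes
    if len(data) < i + 2 or data[i] != 0x02:           # messageID INTEGER
        return False
    i += 2 + data[i + 1]                               # skip messageID value
    return len(data) > i and data[i] == 0x61

def probe_ldap(host, port, timeout=5.0):
    """Report the stage at which a plain-LDAP connection attempt stalls."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "connect_timeout"    # SYN or SYN/ACK dropped somewhere on the path
    except ConnectionRefusedError:
        return "connect_refused"    # reachable, but RST: nothing listening or reject rule
    except OSError:
        return "connect_error"      # no route, name resolution failure, local egress block
    with sock:
        try:
            sock.sendall(ANON_BIND)
            data = sock.recv(4096)
        except socket.timeout:
            return "no_response"    # handshake completed, reply never came back
        except OSError:
            return "closed_by_peer"
    if not data:
        return "closed_by_peer"
    return "ldap_reply" if is_bind_response(data) else "non_ldap_reply"

if __name__ == "__main__":
    # Usage: python probe_ldap.py <host> <port>
    print(probe_ldap(sys.argv[1], int(sys.argv[2])))
```

Run from the web host against the forwarded port, `connect_timeout` points at egress or inbound filtering, while `no_response` points at the return path (NAT, MTU) described earlier in the thread.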
