
AD Connector not installing properly

ad-connector

#1

How do I go about installing the AD Connector on a domain computer? I followed the directions in the Auth0 docs and GitHub page, but couldn’t get anywhere.

The first server I tried was a DC; I couldn’t even finish the install because the installer hung at starting services. The second server was a fresh server. The services installed fine, but I was getting an error whenever I tried to start the service. The error said no message was returned, so I have no idea as to what is happening.

Tried a Windows 10 PC next. Install works fine, services install properly, but when I try to go to http://localhost:8357, I get nothing. Turned off the firewall and removed the AV and still nothing. I even tried changing the account the service runs under to a domain admin and still no luck. Not sure what to try next since everything seems to install fine and zero error messages are given. Also, the only log entry is “Got SIGTERM, exiting now.”

The servers are Windows Server 2012 R2 and the Windows 10 edition is Enterprise 2016 LTSB. Any help would be greatly appreciated.


#3

There are a slew of issues I found while trying to troubleshoot this further. I did get the service to run manually, but it then instantly crashes the moment it tries to read my Windows certificate store. Not sure what it’s doing, but that’s as far as I can get with a Windows client.

I need to get this authentication working ASAP, so I decided to try to connect with my Mac for the time being. That didn’t work either. Could get as far as installing the node modules, then it fails when it’s time to install nconf. Gave me the following error:

Unhandled rejection Error: Command failed: /usr/bin/git clone --depth=1 -q -b master git://github.com/crigot/stream-rotate.git /Users/.../.npm/_cacache/tmp/git-clone-0e309ef7

/Users/.../.npm/_cacache/tmp/git-clone-0e309ef7/.git: Permission denied

Not sure what to do next, since that’s two platforms this connector failed to install on.


#4

:wave: @eddiebeazer there may be a clock skew causing the AD Connector to fail. Can you check that the server is configured to run on NTP? Or the connector could be having issues with one of the certificates installed on the machine where it is being installed.

Do you think you might be able to DM me the files and the full troubleshooting output outlined in the troubleshooting documentation so I can further investigate what’s happening?


#5

Thanks for responding.

My install directory doesn’t have a config.json file and the logs.log file is empty. The service just pauses the moment it starts, so I’m guessing that’s why both of those files are missing/empty. I do think you’re right about there being an issue with a certificate. When I try to run the server.js file from the command line, it gives me a prompt to enter my ticket number. Once I do, the next two lines appear right after:

“Reading CA Certificates from Windows Store”
“Error: Cannot read RSASSA-PSS parameter block.”


#6

Just wanted to respond to say that the local certificate was the issue. My root CA’s cert wasn’t compatible with the AD connector. I spun up a new VM, didn’t join it to my domain and that worked. Was able to easily query my domain with the LDAP string afterwards and start authenticating.
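
An added example, not part of the original thread and not Auth0's own tooling: a PowerShell check for the failure diagnosed above. It lists the signature algorithm of every certificate in the Windows root and intermediate CA stores and flags those signed with RSASSA-PSS, the algorithm named in the connector's error. Which stores the connector actually reads is an assumption.

```powershell
# OID of the RSASSA-PSS signature algorithm (id-RSASSA-PSS, RFC 4055).
$pssOid = '1.2.840.113549.1.1.10'

# Assumption: the connector loads CA certificates from the root and
# intermediate stores. Adjust this list if it reads others.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'

# Build one record per certificate with the fields needed to identify it.
$report = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store        = $store
            Subject      = $_.Subject
            Thumbprint   = $_.Thumbprint
            NotAfter     = $_.NotAfter
            SignatureOid = $_.SignatureAlgorithm.Value
            SignatureAlg = $_.SignatureAlgorithm.FriendlyName
            IsPss        = ($_.SignatureAlgorithm.Value -eq $pssOid)
        }
    }
}

# Overview: how many certificates use each signature algorithm.
$report | Group-Object SignatureAlg | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Detail: the certificates signed with RSASSA-PSS, if any.
$pss = @($report | Where-Object IsPss)
if ($pss.Count -eq 0) {
    'No RSASSA-PSS signed certificates found in the checked stores.'
} else {
    $pss | Format-List Store, Subject, Thumbprint, NotAfter
}
```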