Problem statement
AD/LDAP Connector isn’t working and shows ‘UNABLE_TO_GET_ISSUER_CERT_LOCALLY’ in the logs.
Symptoms
When trying to log into an AD/LDAP Connection, the ‘NotInThisNode’ error is shown. The AD/LDAP Connector may show as offline.
Troubleshooting
If this is a High Availability setup and it is the second machine where the error occurs, verify that the Trusted Root Certificate Authorities on the second machine match the first machine’s Trusted Root Certificate Authorities.
Cause
Certificate Authority is missing from the Trusted Root Certificate Authorities on the machine that has the AD/LDAP Connector installed
Solution
If your tenant is in the public cloud environment, you need to verify that you have the ISRG Root X1 certificate in your Trusted Store on the machine that has the connector installed.
If you are on the converged platform environment, you need to add the ISRG Root X2 certificate to the Trusted Store on the machine that has the connector installed.