Error when trying to log into an AD/LDAP connection

Problem statement

The AD/LDAP Connector isn’t working, and its logs show ‘UNABLE_TO_GET_ISSUER_CERT_LOCALLY’ (the TLS verification error raised when the certificate chain cannot be completed to a root that the local machine trusts).

Symptoms

When trying to log into an AD/LDAP Connection, the ‘NotInThisNode’ error is shown. The AD/LDAP Connector may show as offline.

Troubleshooting

If this is a High Availability setup and the error occurs on the second machine, verify that the Trusted Root Certificate Authorities store on the second machine matches the Trusted Root Certificate Authorities store on the first machine.

Cause

A required Certificate Authority is missing from the Trusted Root Certificate Authorities store on the machine that has the AD/LDAP Connector installed.

Solution

If your tenant is in the public cloud environment, you need to verify that you have the ISRG Root X1 certificate in your Trusted Store on the machine that has the connector installed.

If you are on the converged platform environment, you need to add the ISRG Root X2 certificate to the Trusted Store on the machine that has the connector installed.
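The following PowerShell is an added example (not part of this article or the connector’s own code) covering both the High Availability check above and the two solution steps: it inventories the machine’s Trusted Root store, reports whether ISRG Root X1 or ISRG Root X2 is present and unexpired, and diffs the store against an export taken on the first node. The export path C:\temp\node1-roots.csv and the certificate file path C:\temp\isrgrootx1.cer are placeholders; the certificate file itself is the one published by the root’s issuer, not something shipped with this example.

```powershell
# Added example, not from the original article. Run in an elevated
# PowerShell session on the machine that hosts the AD/LDAP Connector.

function Get-TrustedRootInventory {
    # Subject, SHA-1 thumbprint and expiry of every cert in LocalMachine\Root.
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Select-Object Subject, Thumbprint, NotAfter |
        Sort-Object Thumbprint
}

function Test-IsrgRoot {
    # Returns $true only if the named ISRG root is in the store and not expired.
    param(
        [Parameter(Mandatory)]
        [ValidateSet('ISRG Root X1', 'ISRG Root X2')]
        [string]$Name
    )
    $hits = Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -match "CN=$Name\b" }
    if (-not $hits) {
        Write-Warning "$Name is NOT in the Trusted Root store on $env:COMPUTERNAME"
        return $false
    }
    $valid = $hits | Where-Object { $_.NotAfter -gt (Get-Date) }
    if (-not $valid) {
        Write-Warning "$Name is present but expired on $env:COMPUTERNAME"
        return $false
    }
    Write-Host "$Name present, thumbprint $($valid[0].Thumbprint), valid until $($valid[0].NotAfter)"
    return $true
}

# --- Solution check: public cloud needs X1, converged platform needs X2. ---
$x1Ok = Test-IsrgRoot -Name 'ISRG Root X1'
$x2Ok = Test-IsrgRoot -Name 'ISRG Root X2'

# If the required root is missing, import the issuer-published certificate
# file into the machine-wide Trusted Root store (placeholder path):
if (-not $x1Ok) {
    # Import-Certificate -FilePath 'C:\temp\isrgrootx1.cer' -CertStoreLocation Cert:\LocalMachine\Root
}

# --- High Availability check: compare node 2's store with node 1's. ---
# On node 1:   Get-TrustedRootInventory | Export-Csv -NoTypeInformation 'C:\temp\node1-roots.csv'
# Copy the CSV to node 2, then on node 2:
$exportPath = 'C:\temp\node1-roots.csv'   # placeholder path
if (Test-Path $exportPath) {
    $node1 = Import-Csv -Path $exportPath
    $node2 = Get-TrustedRootInventory
    # '<=' = present only on node 1 (missing here); '=>' = present only on this node.
    Compare-Object -ReferenceObject $node1 -DifferenceObject $node2 -Property Thumbprint -PassThru |
        Select-Object SideIndicator, Subject, Thumbprint |
        Format-Table -AutoSize
}
```

Matching on the certificate’s subject CN rather than a hard-coded thumbprint keeps the check readable; once the correct root is confirmed, recording its thumbprint from the output is a good way to make later comparisons between HA nodes exact. After importing a missing root, restart the AD/LDAP Connector service so it picks up the updated store.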