All Apps and Add-ons

Splunk Support for Active Directory: Why am I getting error "Connection timed out" messages?

New Member

Why am I getting "X.X.X.X: Could not access the directory service at ldaps://X.X.X.X:3269: socket connection error: [Errno 110] Connection timed out" error message?

Splunk Support for Active Directory
Splunk Version 6.5.1
App Version 2.14
App Build 366

0 Karma

Path Finder

I have seen this error in two other cases. Bad password for the account binding to Active Directory. The other case was a firewall blocking port 636.

0 Karma

New Member

OK. Will do, but it may take some time. I'll make sure that we detail how we fix our production environment. Our production environment is distributed amongst many community colleges throughout California with HFs pointed to a centralized AWS system. The person configuring our AWS implementation has a ticket open for this and he will be onsite at our campus this week to compare/contrast our distributed production environment configurations/settings with my lab setup.

0 Karma

SplunkTrust
SplunkTrust

Hi SPLK_Dollesin,
Does the error appear when clicking on "Test connection" button?
Did you specify the port on the setup page?
http://docs.splunk.com/Documentation/SA-LdapSearch/2.1.4/User/ConfiguretheSplunkSupportingAdd-onforA...

0 Karma

New Member

Thank you for replying with your questions. Yes, this error appears when clicking on the "Test Connection" button for both the "default" (ports 3268 or 3269) and additional "domains" (both ports 389 or 636). We were able to get our Test environment working, but had to apply a couple of workarounds not listed in the instructions that you sent. In some other online research, I found info that our domain controllers require java. Do you know if that is correct? Also, I found that you must have both a "default" and additional domain with both a FQDN entries and the other with friendly names. We applied both of these workarounds on our Test domain and now it's working there.

0 Karma

SplunkTrust
SplunkTrust

i am not aware of java requirements. Yes you do need another domain besides the default, it is in the docs. If it works, can you list the workaround not listed so we can improve documentation? Also would be great to add as an answer for the community.

0 Karma