Hello everyone.
I have a master at one site and two slaves at two other sites. I have configured them to sync over a VPN and over the internet. I have opened all the required ports.
The accounts and groups show up in the slaves but the certificates (and I do not know what else) do not.
The log is full of these errors:
AccountsFileSync: Error establishing connection: Connection refused
CertificateManagerFileSync: Error establishing connection: Connection refused
Does anyone know what to do?
I am stuck.
Kevin
Responses (4)
-
Accepted Answer
In my uneducated opinion you should not need to open any ports on the servers for LDAP replication if they are connected by VPN as this bypasses the firewall. If you run master/slave inside your LAN you may also be able to do away with your server firewall if you want but that is for you to weigh up. Remember as a gateway device the server is normally open to everything on your LAN unless you take active measures to block it.
With regard to WINS, on the two remote sites try configuring Windows Networking with WINS support disabled and the WINS server set as your master server's LAN IP.
-
Accepted Answer
Well that is not reassuring. We redesigned our whole network around LDAP replication over VPN.
I wish I would have had more than a week to test and implement.
What is driving this is the need for more than 254 IPs combined for all three sites.
Can I get WINS routing so I can use subnets at each site without LDAP replication?
Kevin
-
Accepted Answer
I tried to make it work on a local network. I had no success. This is a quote from Peter Baldwin.
Hi Marcel,
The slave provisioning is very picky about all the necessary ports being open (LDAPS, Webconfig and a couple of others that I can't remember). We started work on making the provisioning process more robust, but that's still a work in progress.
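An added example, not part of any post in this thread and not the project's own code: a probe to run on a slave that tells "Connection refused" (the error in the log above) apart from a silently dropped connection for each port the master must expose. The port map is an assumption: 636 is the registered LDAPS port, the Webconfig value is a placeholder, and the other sync ports are not named in this thread.

```python
import errno
import socket
import sys

# Assumed port map: 636 is the registered LDAPS port. The Webconfig value is
# a placeholder; replace it and add the other sync ports for your own setup.
REQUIRED_PORTS = {"ldaps": 636, "webconfig": 81}

ADVICE = {
    "open": "a service accepted the connection",
    "refused": "host reached but nothing is listening there, or a firewall "
               "rejected it: check the service is running and bound to the "
               "address the slave uses (VPN address vs LAN address)",
    "filtered": "no reply before the timeout: a firewall is dropping the "
                "packets or the route over the VPN is missing",
    "unreachable": "no route to the master from this slave",
    "error": "name resolution or another local socket error",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"          # RST received: same condition as the log line
    except socket.timeout:
        return "filtered"         # SYN never answered
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()

def check_master(host, ports=REQUIRED_PORTS, timeout=3.0):
    """Probe every required port on the master; return {name: state}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}

if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python3 probe.py <master address as seen from this slave>
    for name, state in check_master(sys.argv[1]).items():
        print(f"{name:10} {state:12} {ADVICE[state]}")
```

Run it once against the master's VPN address and once against its public address: a port that is open on one path and refused on the other points at the interface the service is bound to rather than at the firewall rules.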