Cisco Cisco Expressway
State = Failed
The following error messages may be displayed:
Error message
Reason / resolution
DNS unable to do reverse lookup
Reverse DNS lookup is required for SASL authentication.
DNS unable to resolve LDAP server
address
address
Check that a valid DNS server is configured, and check the spelling of
the LDAP server address.
the LDAP server address.
Failed to connect to LDAP server.
Check server address and port
Check server address and port
Check that the LDAP server details are correct.
Failed to setup TLS connection. Check
your CA certificate
your CA certificate
CA certificate, private key and server certificate are required for TLS.
Failure connecting to server. Returned
code<return code>
code<return code>
Other non-specific problem.
Invalid Base DN for accounts
Check Base DN for accounts; the current value does not describe a
valid part of the LDAP directory.
valid part of the LDAP directory.
Invalid server name or DNS failure
DNS resolution of the LDAP server name is failing.
Invalid bind credentials
Check Bind DN and Bind password, this error can also be displayed if
SASL is set to DIGEST-MD5 when it should be set to None.
SASL is set to DIGEST-MD5 when it should be set to None.
Invalid bind DN
Check Bind DN; the current value does not describe a valid account in
the LDAP director.
the LDAP director.
This failed state may be wrongly reported if the Bind DN is 74 or more
characters in length. To check whether there is a real failure or not, set
up an administrator group on the Expressway using a valid group
name. If Expressway reports “saved” then there is not a problem (the
Expressway checks that it can find the group specified). If it reports that
the group cannot be found then either the Bind DN is wrong, the group
is wrong or one of the other configuration items may be wrong.
characters in length. To check whether there is a real failure or not, set
up an administrator group on the Expressway using a valid group
name. If Expressway reports “saved” then there is not a problem (the
Expressway checks that it can find the group specified). If it reports that
the group cannot be found then either the Bind DN is wrong, the group
is wrong or one of the other configuration items may be wrong.
There is no CA certificate installed
CA certificate, private key and server certificate are required for TLS.
Unable to get configuration
LDAP server information may be missing or incorrect.
Define groups on Expressway
In the LDAP accessible database, groups are assigned to users to give them specific capabilities. The same
groups must be defined on the Expressway and configured with the required authorization levels for
Expressway access.
groups must be defined on the Expressway and configured with the required authorization levels for
Expressway access.
1. Go to
Users > Administrator groups
.
2. Click New.
3. Configure the fields as follows:
Authenticating Expressway Accounts Using LDAP Deployment Guide (X8.1)
Page 8 of 19
Expressway configuration