Cisco Cisco TelePresence Video Communication Server Expressway
Cisco VCS configuration
VCS Deployment Guide: Authenticating VCS accounts using LDAP (VCS X6)
Page 7 of 20
Status messages on the Login account LDAP configuration page
State =
Active
No error messages are displayed.
State =
Failed
The following error messages may be displayed:
Error message
Reason / resolution
DNS unable to do reverse lookup
Reverse DNS lookup is required for SASL authentication
DNS unable to resolve LDAP server
address
address
Check that a valid DNS server is configured, and check the
spelling of the LDAP server address
spelling of the LDAP server address
Failed to connect to LDAP server. Check
server address and port
server address and port
Check that the LDAP server details are correct
Failed to setup TLS connection. Check
your CA certificate
your CA certificate
CA certificate, private key and server certificate are required for
TLS
TLS
Failure connecting to server. Returned
code<return code>
code<return code>
Other non specific problem
Invalid Base DN for accounts
Check Base DN for accounts; the current value does not
describe a valid part of the LDAP directory
describe a valid part of the LDAP directory
Invalid server name or DNS failure
DNS resolution of the LDAP server name is failing
Invalid VCS bind credentials
Check VCS Bind DN and VCS Bind password, this error can
also be displayed if SASL is set to DIGEST-MD5 when it should
be set to None
also be displayed if SASL is set to DIGEST-MD5 when it should
be set to None
Invalid VCS bind DN
Check VCS Bind DN; the current value does not describe a valid
account in the LDAP director.
This Failed state may be wrongly reported if the VCS bind DN is
74 or more characters in length. To check whether there is a real
failure or not, set up an administrator group or user group on the
Cisco VCS using a valid group name. If Cisco VCS reports
“saved” then there is not a problem (the Cisco VCS checks that it
can find the group specified). If it reports that the group cannot
be found then either the VCS bind DN is wrong, the group is
wrong or one of the other configuration items may be wrong.
account in the LDAP director.
This Failed state may be wrongly reported if the VCS bind DN is
74 or more characters in length. To check whether there is a real
failure or not, set up an administrator group or user group on the
Cisco VCS using a valid group name. If Cisco VCS reports
“saved” then there is not a problem (the Cisco VCS checks that it
can find the group specified). If it reports that the group cannot
be found then either the VCS bind DN is wrong, the group is
wrong or one of the other configuration items may be wrong.
There is no CA certificate installed
CA certificate, private key and server certificate are required for
TLS
TLS
Unable to get configuration
LDAP server information may be missing or incorrect
Configure DNS server
Ensure one or more DNS server addresses are set up on the Cisco VCS (System > DNS).
Note: If SASL is enabled the DNS servers must support reverse DNS lookup.
DNS is required for:
Finding the IP address of the LDAP server if the server is defined by name rather than IP address.
If SASL is enabled, part of the security process is to perform an IP address to name check – a
reverse DNS lookup for that LDAP server.
reverse DNS lookup for that LDAP server.