¨The remote certificate is invalid according to the validation procedure¨Error while running AD sync

Hi ,

I am getting the following error upon running initial sync from an AD system.

[2134003] Error running synchronization.
[System.Reflection.TargetInvocationException] Exception has been thrown by the target of an invocation.
[System.Net.WebException] The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
[System.Security.Authentication.AuthenticationException] The remote certificate is invalid according to the validation procedure.
at StdioProcessor.StdioProcessor._Execute(Job job)
at VI.Projector.JobComponent.ProjectorComponent.Activate(String task)
at VI.Projector.JobComponent.ProjectorComponent._FullProjection()

The AD connection is established correcty in sync editor and I am able to browse the AD from Sync editor and also simulation runs successfuly. Only upon actual execution , we are getting this error and Sync job is getting frozen.

Sync to same AD is working in lower environment without issues. Please suggest.

Thanks,

Saba

Parents
  • Saba,

    you say that you are connecting to the AD from PROD environment instead of NONPROD environment.

    This could be a trust issue. Your PROD jobserver may not trust the domain controller's certificate. This can be for the following reasons:

    - The jobserver does not trust the certificate authority that has issued the domain controller's certificate.

    --> To fix this, add the CA to the trusted root CAs on the jobserver.

    - In the sync project, you are using a DC name or IP address that is not mentioned in the certificate's subject alternative name.

    --> To fix this, in the snyc project's config, use the DC FQDN as stated in the DC's certificate.

    Hope this helps,

    Sebastian

Reply
  • Saba,

    you say that you are connecting to the AD from PROD environment instead of NONPROD environment.

    This could be a trust issue. Your PROD jobserver may not trust the domain controller's certificate. This can be for the following reasons:

    - The jobserver does not trust the certificate authority that has issued the domain controller's certificate.

    --> To fix this, add the CA to the trusted root CAs on the jobserver.

    - In the sync project, you are using a DC name or IP address that is not mentioned in the certificate's subject alternative name.

    --> To fix this, in the snyc project's config, use the DC FQDN as stated in the DC's certificate.

    Hope this helps,

    Sebastian

Children
No Data