You are correct: it shouldn't be this hard, so I'm hoping it is something simple.
1. From within the admin cli on the SMG control center use ping to demonstrate connectivity. (I know you said you can ping it, but humor me)
a. Once using the IP address.
b. Once using the DNS name.
The important part is that you do this from within the admin cli of the SMG instance that is trying to get to your LDAP source.
If all that works out, next verify in your AD instance if it is configured to accept LDAP (i.e. clear text) traffic. Earlier this year there was a patch/update to AD to disable LDAP. It's OK if it is disabled, but you should know that, with that disabled, port 389 is out of the equation.
2. Assuming you CAN still use LDAP/port 389, again, from within the admin cli, use the "ldapsearch" command to attempt a simple bind to your AD server. Make sure you are using the SAME bind credentials and search base as you entered into the SMG GUI. The SMG does, more or less, the same thing behind the scenes when you run the "test query" from the GUI, but this way you can look at it first hand.
I don't know if the version that ships with SMG has debugging enabled, but you can try using the "-d" option to get more verbose output.
This should make it clear what is happening.
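The bind test from step 2 above, run once per port the original poster tried, as an added example that is not part of the reply or of SMG. It assumes OpenLDAP's `ldapsearch` and a POSIX shell on a host that sits where the SMG does on the network; the host name, bind DN, password file and search base are placeholders you supply.

```shell
#!/bin/sh
# Added example: try a simple bind on each candidate AD port and report
# which layer failed. Assumes OpenLDAP's ldapsearch client.

# Plain LDAP on 389/3268, LDAP over TLS on 636/3269.
uri_for_port() {  # uri_for_port HOST PORT
    case "$2" in
        636|3269) echo "ldaps://$1:$2" ;;
        *)        echo "ldap://$1:$2" ;;
    esac
}

# ldapsearch exits with the LDAP result code; 255 is the client-side
# "Can't contact LDAP server" (-1), i.e. nothing LDAP-level happened.
classify_rc() {  # classify_rc EXIT_STATUS
    case "$1" in
        0)   echo "OK: bind and search succeeded" ;;
        8)   echo "POLICY: server demands stronger auth (signing or TLS)" ;;
        32)  echo "BASE: bind worked, search base not found" ;;
        49)  echo "AUTH: server reachable, bind DN or password rejected" ;;
        255) echo "NETWORK: no TCP connection or TLS handshake failed" ;;
        *)   echo "OTHER: LDAP result code $1" ;;
    esac
}

probe() {  # probe HOST BIND_DN PASSWORD_FILE SEARCH_BASE
    for port in 389 636 3268 3269; do
        uri=$(uri_for_port "$1" "$port")
        # -x simple bind, -y password from file (no trailing newline),
        # -s base with attribute "1.1" fetches only the base entry's DN.
        # stderr is left on the terminal so the client's message is visible.
        rc=0
        ldapsearch -x -H "$uri" -D "$2" -y "$3" -b "$4" -s base \
            -o nettimeout=5 -LLL 1.1 >/dev/null || rc=$?
        echo "$uri -> $(classify_rc "$rc")"
    done
}

# Run only when all four arguments are given, e.g. (placeholders):
#   sh probe.sh dc.example.test 'CN=svc,DC=example,DC=test' ./pw 'DC=example,DC=test'
if [ "$#" -eq 4 ]; then
    probe "$@"
fi
```

A NETWORK result on every port points at routing, name resolution or filtering between the two hosts rather than at the bind credentials or search base.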
Original Message:
Sent: 04-06-2021 12:04 AM
From: Mike Zuschek
Subject: Trying to add new Ldap Server. Network Connection Timed Out.
I feel like I'm taking crazy pills here. I feel like adding a new Active Directory GC server shouldn't be this hard.
* I am currently using a Windows 2008 R2 Active Directory connection over port 389.
* I want to retire the 2008 R2 server and add my Windows 2016 Active Directory GC server over literally any port that will work. I have tried 389, 636, 3268, 3269.
* I get the same error every time when I click "test connection":
"Failed to connect to LDAP server. Network connection timed out. Check the hostname used for the source. DDS error code: 800404 Additional information: Failure connecting to data source, network connection timed out:"
* I have tried IP address, common name, and FQDN, and I always get that error.
* I can open up utilities and ping the IP and FQDN.
* I have tried turning the firewall completely off.
* Both domain controllers are on the same VLAN.
I don't know what else to try.
"Please help me SMG gurus you are my only hope"