Octopus AD Account issue

security

(Gaurav) #1

We have an Octopus Deploy instance that was configured by the previous employer, and we are not sure how the AD was configured. But based on the installation process provided by the Octopus Team, it seems the guy may have used his domain user ID to install the Octopus Server. This may mean that Octopus is configured to use the installer's domain AD account.

Here is the problem.
We recently changed the Primary DNS Server of the Octopus Server and restarted the service. After that, LDAP doesn't work. We are getting an error: "The server could not be contacted. The LDAP server is unavailable."

Although the previous Primary DNS server's domain controller A record was added to the new Primary DNS server that we have configured, we still have the issue.
Is there a configuration file on the server that shows which AD server is used or configured for the Octopus Server, and can it be changed after installation? If yes, please guide me to the page which mentions it.


(Lawrence Wilson) #3

Hi,
Thanks for getting in touch! I’m sorry to hear that after setting the primary DNS Server address, you can no longer authenticate with Active Directory on your Octopus Server.

I’m interested to know where you set the primary DNS Server, just to be sure I’m on the right page. Was this set on the network interface of the Octopus Server?

Typically when we see these errors, they point to problems in the configuration of DNS or Active Directory, so I’m interested in starting here.

While logged into your Octopus Server, can you resolve the IP address of your domain? For example, if you type

ping domainA.local

Also, there are other (SRV resource) records which any Windows server will query in order to find the right domain controller to log on to. Depending on your DNS server (if it's running on Windows), they get registered in your DNS zone when the Netlogon service starts on your domain controller (i.e. after a reboot of the domain controller).

So for DNS to truly be healthy, your Octopus Server would need to be able to locate records which look like these for example:

Server:  localhost
Address:  127.0.0.1

_ldap._tcp.dc._msdcs.Domain_Name        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = Server_Name.Domain_Name
Server_Name.Domain_Name  internet address = Server_IP_Address

Could you please run through the steps outlined in this Microsoft article to verify that SRV DNS records have been created for a domain controller on your new Primary DNS Server?

I look forward to hearing from you and getting to the bottom of this one!

Kind regards,
Lawrence.
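The checks Lawrence describes (can the Octopus Server resolve the domain, does the DNS server it now uses carry the `_ldap._tcp.dc._msdcs` SRV records, and can it actually reach and bind to the domain controller those records point at) can be run in one pass from the Octopus Server itself. The script below is an added example written for this thread; it is not part of the original posts and not Octopus Deploy's own tooling. It assumes it is run in an elevated PowerShell session on the Octopus Server, and `domainA.local` is a placeholder for the real domain name (as in the `ping` example above); pass `-DnsServer` to query a specific DNS server instead of the one configured on the network interface.

```powershell
<#
  Added example, not from the original thread: verify from the Octopus Server that
  it can still locate and talk to a domain controller after the DNS change.
  Assumes an elevated PowerShell session on the Octopus Server. The domain name is
  a placeholder; -DnsServer is optional and lets you test a specific DNS server.
#>
param(
    [string]$Domain    = 'domainA.local',   # placeholder: replace with your AD domain
    [string]$DnsServer = ''                 # optional: e.g. the new primary DNS server's IP
)

$ErrorActionPreference = 'Stop'
$resolveArgs = @{}
if ($DnsServer) { $resolveArgs['Server'] = $DnsServer }

# 1. Which DNS servers is this host actually using? (the value set on the NIC)
Write-Host "DNS servers configured on this host:"
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { "  {0}: {1}" -f $_.InterfaceAlias, ($_.ServerAddresses -join ', ') }

# 2. Equivalent of "ping domainA.local": the domain's A records point at its DCs.
$aRecords = Resolve-DnsName -Name $Domain -Type A @resolveArgs
Write-Host "A records for ${Domain}: $($aRecords.IPAddress -join ', ')"

# 3. SRV records a Windows host uses to locate a logon DC. If the new primary DNS
#    server lacks them, LDAP fails even though the DC itself is up and pingable.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV @resolveArgs |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records found for $srvName on the DNS server in use" }

Add-Type -AssemblyName System.DirectoryServices.Protocols

foreach ($rec in $srv) {
    "  {0} priority={1} weight={2} port={3}" -f $rec.NameTarget, $rec.Priority, $rec.Weight, $rec.Port

    # 4. The SRV target must itself resolve, and LDAP (TCP 389) must be reachable.
    $target = Resolve-DnsName -Name $rec.NameTarget -Type A @resolveArgs
    $tcp = Test-NetConnection -ComputerName $rec.NameTarget -Port $rec.Port -WarningAction SilentlyContinue
    "    resolves to {0}; TCP {1} open: {2}" -f ($target.IPAddress -join ', '), $rec.Port, $tcp.TcpTestSucceeded

    # 5. Attempt an LDAP bind with the Windows identity running this script. Run it
    #    under the same account the Octopus service uses to reproduce its view.
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection("$($rec.NameTarget):$($rec.Port)")
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    try {
        $conn.Bind()
        "    LDAP bind as $env:USERDOMAIN\$env:USERNAME: OK"
    } catch {
        "    LDAP bind failed: $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
}

# 6. Ask the DC locator directly; this is the same lookup path the OS uses for
#    Windows authentication, so a failure here matches the error Octopus reports.
nltest /dsgetdc:$Domain
```

If step 2 works but step 3 returns nothing, the A record that was copied to the new DNS server is not enough: the `_msdcs` SRV records (and the rest of the zone) have to exist there too, which is what the Microsoft verification steps Lawrence points to check. If the SRV records resolve but the bind in step 5 fails, the problem is reachability or the service account rather than DNS.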