Active Directory Windows 2025

Hello!,

I am trying to configure Windows 2025 Active Directory and Ignition. On Windows 2022 this was a very easy step, but now I am getting issues connecting to Active Directory; I am getting the following errors in the logs. Has anyone had success configuring it?

java.lang.Exception: Failed connecting to LDAP server.
at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.openContext(LDAPHelper.java:312)
at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.search(LDAPHelper.java:360)
at com.inductiveautomation.ignition.gateway.authentication.impl.ActiveDirectoryUserSource.getUsers(ActiveDirectoryUserSource.java:191)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper.doGetUsers(UserSourceWrapper.java:570)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper$UserCacheImpl.doUpdate(UserSourceWrapper.java:297)
at com.inductiveautomation.ignition.gateway.authentication.UserSourceWrapper$UserCacheImpl.doUpdate(UserSourceWrapper.java:293)
at com.inductiveautomation.ignition.gateway.authentication.AbstractCache$UpdateTask.run(AbstractCache.java:118)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException: simple bind failed: 192.168.8.8:636
at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapCtx.(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at java.naming/javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at java.naming/javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at java.naming/javax.naming.InitialContext.init(Unknown Source)
at java.naming/javax.naming.ldap.InitialLdapContext.(Unknown Source)
at com.inductiveautomation.ignition.gateway.authentication.impl.LDAPHelper.openContext(LDAPHelper.java:290)
... 11 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 192.168.8.8 found
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(Unknown Source)
at java.base/java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.base/java.io.BufferedOutputStream.flush(Unknown Source)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at java.naming/com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)
at java.naming/com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)
... 24 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.8.8 found
at java.base/sun.security.util.HostnameChecker.matchIP(Unknown Source)
at java.base/sun.security.util.HostnameChecker.match(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 42 common frames omitted

Please add the stack trace to a

[details="Summary"]
This text will be hidden
[/details]

section, as it will make this much easier to consume.

see

This means you're connecting to the AD server via an IP address, that TLS is enabled, and that this IP address is not listed in the certificate being used by the server.

1 Like

How do I add it? Is the cert in the Web Server configuration? @Kevin.Herron

I guess, is this something in the Ignition configuration or on the domain controller? I am a bit confused.

The only configuration on the Ignition side is the hostname/IP you use to connect.

You might need to connect via a hostname instead, or get ahold of that certificate (might need help from your IT) to see what hostnames and IPs are listed in it.

According to my IT admin, the IP is included in the cert. I will try to connect using the hostname to see if I see any differences.

Same issue using the hostname. The hostname resolves on the Windows server that Ignition is running on. Any other suggestions?

Same error but instead of the IP the error says the hostname isn't found?

Correct, and when I ping the hostname in the command prompt, the machine is able to resolve the hostname. So I am unsure why Active Directory is complaining.

AD isn't complaining; you are being presented with a certificate that does not contain the hostname or IP address.

Either something on your network is interfering and presenting Ignition with a different certificate, or your IT admin is wrong and the certificate doesn't have these items in it.

You can edit ignition.conf and add an entry to the "additional parameters" section like this:

wrapper.java.additional.X=-Djavax.net.debug=ssl:handshake:verbose

where X is the next number in the sequence.

Restart Ignition, then let it try to connect, and the wrapper.log files will contain a bunch of verbose logging output about the connection attempt.

You probably need to work with support at this point because sharing that log on the forum might not be a good idea.

1 Like
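The identity check that failed in the trace above (`HostnameChecker.matchIP`) follows fixed rules: an IP target must appear as an "IP Address" entry in the certificate's Subject Alternative Name extension, and the Subject CN is never consulted for IPs; a DNS target is matched against "DNS" SAN entries, with a CN fallback only when the certificate has no DNS entries at all. The following added example (not code from the thread or from Ignition) models those rules over a constructed SAN list in the shape Python's `ssl` module returns from `getpeercert()["subjectAltName"]`, so you can reason about what a given certificate will and will not satisfy before changing the connection target; `DC_SAN`, `check_identity` and `_dns_match` are names invented here.

```python
import ipaddress
from typing import Iterable, Tuple

# Constructed SAN list (not a real certificate) modelling a domain-controller
# certificate that carries only DNS names, which is what the error implies.
DC_SAN = (
    ("DNS", "dc01.corp.example"),
    ("DNS", "corp.example"),
)


def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive, one '*' only as the left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) < 3 or p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False  # reject '*.com'-style and non-leftmost wildcards
    return p_labels[1:] == h_labels[1:]


def check_identity(target: str, san: Iterable[Tuple[str, str]], subject_cn: str = "") -> str:
    """Return '' when target is covered by the certificate, otherwise a diagnosis.

    Mirrors the rules Java's HostnameChecker applies: an IP target must match an
    'IP Address' SAN entry (CN is ignored); a DNS target is matched against 'DNS'
    SAN entries and falls back to the CN only if no DNS entry exists."""
    san = list(san)
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        for kind, value in san:
            if kind != "IP Address":
                continue
            try:
                if ipaddress.ip_address(value) == ip:
                    return ""
            except ValueError:
                continue  # malformed IP entry in the SAN; skip it
        return f"No subject alternative names matching IP address {target} found"
    dns_entries = [v for k, v in san if k == "DNS"]
    if dns_entries:
        if any(_dns_match(p, target) for p in dns_entries):
            return ""
        return f"No subject alternative DNS name matching {target} found"
    if subject_cn and _dns_match(subject_cn, target):
        return ""
    return f"No name matching {target} found"
```

To feed it a real certificate, the SAN can be read from the server's leaf certificate as shown by `openssl s_client -connect <dc>:636 -showcerts` followed by `openssl x509 -noout -ext subjectAltName`.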