• 3910
  • AP920R
  • P1280

How to perform the basic troubleshooting on Active Directory/LDAP issues?

СНПЧ А7 Пенза, обзоры принтеров и МФУ

Because of the convenience in managing user accounts on one server, more and more network administrators use Active Directory server or LDAP server to authenticate the clients for VPN or for Internet Access with Vigor Router. However, it is not easy to get the right configurations in the beginning because the Active Directory/LDAP servers' structures are various. This document provides some tips on troubleshooting LDAP issues.

Verify the Active Directory/LDAP account by Ldp tool

For verifying if the user accounts are created correctly on the Active Directory/LDAP server, we can use the Ldp tool, contained in the support tool package, that Microsoft provided to verify the account first.

The steps are:

1. Download support tool from Microsoft website: https://www.microsoft.com/en-us/download/details.aspx?id=15326

2. Install support tool by double clicking suptools.msi

3. Run ldp.exe via Program Files(x86) > Support Tools

4. Connect to the Active Directory/LDAP server

5. Send a Bind Request.

- Click Bind under Connection

- Enter the User name, such as cn=vivian,ou=vpnusers,dc=draytek,dc=com

- Enter the Password

- Click OK

6. Server will respond the result of the Bind Request.

a. If server responds "Bind Failed" and "Invalid Credentials", that means the account or the password is not correct. Please recheck the user settings on the server.


b. If server responds "Authenticated", it means the bind is successful and we can move forward to the next step.


Verify the Active Directory/LDAP settings on Vigor Router

1.Use Simple mode to verify if Vigor Router can bind the user account that have been tested with Ldp tool successfully first.


2. Check if cn is configured for Common Name Identifier, and use the user account without cn=vivian that has been authenticated by LDAP server with Ldp tool for Base Distinguished Name.


3. Verify by creating VPN connection.

For the detailed steps, please refer to  How to authenticate Host to LAN VPN with Active Directory/LDAP server?

If Simple Bind by LDP tool works but VPN still cannot pass the Active Directory/LDAP authentication, please provide the information below and then email them to  Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. for our analysis.

  • Wireshark packets on the Active Directory/LDAP server
  • Screenshots of the User account on the Active Directory/LDAP server, such as
  • Screenshots of the Active Directory/LDAP configurations on Vigor Router
  • Remote management info to Vigor Router
  • An account/password that has passed the Ldp tool test on the Active Directory/LDAP server for testing remotely
  • News
    Evénements, Nouveauté
    Pour en savoir plus sur les nouveautés et événements DrayTek.
    Cliquez ici
    Informations produits
    Accédez ici à nos catalogues, solutions, produits, matrice produits, informations techniques...
    Cliquez ici
    Aides Technologies
    Accéder ici à notre rubrique Technologie, Etude de cas, Médiathéque, aides techniques...
    Cliquez ici
    Solutions d'affaires
    Accéder ici aux solutions d'affaires, que vous soyez une TPE, PME, micro-entreprise...
    Cliquez ici