Wednesday, April 16, 2014

Spiceworks Migration: an existing connection was forcibly closed by the remote host

I recently had to migrate my Spiceworks install from a Windows XP machine to a Windows 2012 server.  There was nothing wrong with the Windows XP machine, other than XP being end of life.  We simply needed faster hardware as we were planning on using the new help desk system built into it; prior we were just using it as a network scanning and monitoring solution.

I had tested the Active Directory integration on the Windows XP machine and had it all working nicely.  Unfortunately, when I brought it online on the Windows 2012 server, Active Directory users were no longer able to log in.

After looking through a lot of posts, I checked out the AD scanning settings and noticed that I was getting the error "an existing connection was forcibly closed by the remote host" regardless of the user account I tried to log in as.  In fact, after some more playing, I noticed that none of the credentials I was trying were even saving to the system; perhaps it only saves if there is no error.  However, I did get a different error if I changed the name of the domain controller, and in the domain controller's security log I was able to see successful authentication attempts.

I was quite confused.  I tried all sorts of suggestions and even verified that LDAP was working correctly using the ldp tool, as one post suggested.  I tried looking through the logs but could find no mention of the keyword "LdapAD" or any of the other keywords that other people had mentioned finding.

Finally, I ran across a post where the user solved their problem by changing the LDAP port to 3269.  That got me thinking: I had the same issue when I was first trying to set mine up, and I had set mine to 3269 at that time as well to resolve the issue.  I tried removing that setting, and suddenly everything worked.  The only thing I can think of is that the port it likes is different between the WinXP machine I came from and the Win2012 machine I am now running on.  Since the AD machine never changed, it does not make sense to me, but it works.