Connection failed to the directory server. (2100)

Can't connect to directory server.


Error: Connection failed to the directory server. (2100)


Using Lion.


Any advice?

Posted on Jul 31, 2011 1:13 PM


Aug 4, 2012 11:08 PM in response to pts

When trying to bind the client (10.8) to the server (10.8 also), it fails and this is in the logs:


8/5/12 2:02:54.052 AM System Preferences[262]: -[ODCAddServerSheetController didFinishGettingServerInfo:] for "server.domain.name" got error Error Domain=com.apple.OpenDirectory Code=2200 "Could not resolve the address." UserInfo=0x7fa2c4cc3950 {NSLocalizedDescription=Could not resolve the address., NSLocalizedFailureReason=Could not resolve the address.}


("server.domain.name" has been changed to protect this innocent)


Any ideas what this means?

Aug 4, 2012 11:15 PM in response to pts

Also: the next log entry says:


8/5/12 2:03:04.305 AM System Preferences[262]: -[ODCAddServerSheetController handleOtherActionError: gotError: Error Domain=com.apple.OpenDirectory Code=2100 "Connection failed to node '/LDAPv3/ldap://server.domain.name'" UserInfo=0x7fa2c4cbf010 {NSLocalizedDescription=Connection failed to node '/LDAPv3/ldap://server.domain.name', NSLocalizedFailureReason=Connection failed to the directory server.}, Connection failed to the directory server.


Does this mean anything to anyone?

Aug 5, 2012 6:20 AM in response to pts

When you start typing the server's name into the Network Account Server field, does it start to auto complete? It should if DHCP is handing out the address of the LDAP server. Why do you have the clients on static IPs? I advise against that unless that's absolutely necessary. Also, what DNS server are the clients using? They're not going to find your server if the DNS server on the network does not have an entry for your server.

Aug 5, 2012 6:51 PM in response to KTGHowie

No, it doesn't auto complete. Does OD only work if clients are on an internal network, with the server giving them DHCP addresses, and the server acting as the gatekeeper for everything? Why would the OD system care where the OD server is? Why won't the client, if it can see the server for services like, e.g., ssh, afp, vnc, etc., not also see the LDAP service via the same DNS server?? Is this just a limitation of the Apple implementation, or is it generally true? Am I missing something here?



If the LDAP server does not also have to be a DHCP server for the same clients, how do I get my clients to "see" the LDAP server?



Why do you advise against static IPs, unless absolutely necessary? Is this for some other reason, unrelated to an OD system? I have a very small research lab at a university with only 4 workstations (including the server). It's easy enough to get IP addresses for them through my university, and each can be accessed by lab members externally very simply. I've simply been creating local users on these machines, but thought that OD would, in principle, work well. Possibly this isn't worth my time, given the small network in my lab.

Aug 6, 2012 6:54 AM in response to pts

What you're describing is not ideal but it can still work. In most environments, I set up OS X Server as the DNS server on the network, or at least the first DNS server that is provided by DHCP. You can set your server as the DNS server for your clients, even if you're using static IPs for each. DNS is the key to Open Directory working properly. If your clients can't find the server at its fully qualified domain name (FQDN) such as server.domain.com, then you'll have problems. In environments where I have complete control, I set up OS X Server as the DNS server, and sometimes as the DHCP server depending on how good the firewall is, and what DHCP options I have on the firewall. In your situation, it sounds like the best course to follow would be to use your OS X server as the DNS host, then when joining each system, use the server's FQDN. Before you do that, make sure that each client system can ping the server's FQDN and return the correct IP address. Also, make sure that your network admin knows what block of IP addresses you're using so that they don't use them for someone else. They could also set up static maps for you instead of you using a static IP for each. I usually try to talk people out of using static IPs since any changes to the network can knock those systems offline.

Aug 15, 2012 7:11 PM in response to KTGHowie

Does the OSX server require that DNS queries come from an internal network for which it is the firewall? When I put the server's (fixed) IP address as the DNS server for one of my external computers (that I want to tie to the server's OD), AND I have the server DNS running (according to server.app), the external computer does not access the internet. I assume this means that the DNS server is actually NOT running on my OSX server, or that the server requires the DNS requests to come from an internal network that it serves. If it is possible to have external computers (not behind the server's firewall) access the DNS server, how might I do this? And if I did, would this allow the external computers to get their OD info from this server?


I have computers in different locations, making it impossible to have a physically wired internal network with the server being their firewall. Perhaps it is possible to create a VPN network tying my 4 computers together to the server, and then have the OD on the server give them their account info through this? Or is this not supposed to be necessary (the VPN I mean) to get external computers to ask the server for DNS info (and therefore, from what you said, allow OD to actually work)?


Thanks for any hints or things to try

Aug 17, 2012 2:30 PM in response to pts

Honestly, I think you're overcomplicating this. The best scenario is for OS X Server to run as the DNS server on the network, or at least as the primary DNS server for the clients you want to tie into OD. OS X Server definitely needs to be able to perform lookups using its own internal DNS. If you set DHCP to offer your server as the LDAP server, that helps a lot. All systems should be behind your firewall. If you need to add an OD client on the outside, that's OK, but directory lookups might not be very fast if the client is doing lookups over the internet.

Aug 17, 2012 4:32 PM in response to KTGHowie

I'm fine running the OS X server as a DNS server, in theory. But this doesn't work. I set the DNS running, and then direct the client machines to go to it for DNS info, and they draw a blank. This is true even though they can log in using the same IP address (they obviously can see the server for some purposes, but not for DNS. Or maybe the server isn't actually running DNS correctly (or at all), which would be really annoying since there is no indication in server.app that anything is amiss).


Also, as I said in my post, my other machines cannot physically be located in the same room, so how can they use the Server as their firewall? Do you mean using a VPN?


It sounds like you are saying that I CAN have clients outside (not behind the server firewall), at least in theory (if I can get DNS working on the server) but it might be slower?

Aug 25, 2012 5:13 AM in response to crsrusl

(Lion Server, Lion Client:) In the client computer, go to the network control panel. Select the network you are using (Ethernet, WiFi) and click the Advanced... button. Then select the DNS tab. Verify that the Server IP address is in the list of DNS servers. If not, add it.

Now the Server name (www.myserver.mycountry) can be resolved by the client and you will be able to add the Server as Network Account Server in the Users and Groups Login Options setting. Provided that you have set up the Server's Firewall and DNS services correctly, of course.

Nov 12, 2013 6:16 AM in response to crsrusl

Hello,


Although it is an old discussion and many answers have been provided, I stumbled on the exact same problem under Server 3 (under Mavericks) and solved it in a way that hasn't been illustrated here (?).


I realized that the IP address indicated under the servername in the Open Directory tab in Server was wrong. I checked with the following command line:


# sudo serveradmin settings dirserv

....

dirserv:treeConfiguration:odTree:_array_index:0:IPaddresses:_array_index:0 = "192.168.1.53"

....


whereas the correct ip address is 192.168.1.30. I then executed the following command:


# sudo changeip 192.168.1.53 192.168.1.30


checked that it worked:


# sudo serveradmin settings dirserv

....

dirserv:treeConfiguration:odTree:_array_index:0:IPaddresses:_array_index:0 = "192.168.1.30"

....


And since then, no more 2100 error ;-)


Note that before doing this, the "sudo changeip -checkhostname" command *was* successful. So even if it is for you, you may still try the "sudo changeip <old_ip> <new_ip>" trick.


Good luck.
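
The check described in the Nov 12, 2013 reply above, as an added example that is not part of the original thread: it parses `serveradmin settings dirserv` output and reports any recorded Open Directory IP that differs from the server's real address. The function names `od_recorded_ips` and `od_stale_ips` are hypothetical, and the sample input is constructed from the output quoted in that reply.

```shell
#!/bin/sh
# Added example (not from the thread): detect a stale IP in the Open Directory
# tree configuration, the condition the reply above fixed with `changeip`.

# Read `serveradmin settings dirserv` output on stdin and print every address
# stored under an IPaddresses key, one per line.
od_recorded_ips() {
    sed -n 's/^dirserv:.*:IPaddresses:_array_index:[0-9]* = "\(.*\)"$/\1/p'
}

# Usage: sudo serveradmin settings dirserv | od_stale_ips <real_server_ip>
# Prints each recorded IP that is not <real_server_ip>.
# Exit status: 0 = all records match, 1 = stale record(s), 2 = no record found.
od_stale_ips() {
    expected=$1
    recorded=$(od_recorded_ips)
    if [ -z "$recorded" ]; then
        return 2
    fi
    # -F fixed string, -x whole line, -v keep only lines that differ
    stale=$(printf '%s\n' "$recorded" | grep -Fxv -- "$expected" || true)
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale"
        return 1
    fi
    return 0
}

# Constructed sample, copied from the output quoted in the reply above.
SAMPLE='....
dirserv:treeConfiguration:odTree:_array_index:0:IPaddresses:_array_index:0 = "192.168.1.53"
....'

# Demonstration on the sample: the server's real address is 192.168.1.30.
printf '%s\n' "$SAMPLE" | od_stale_ips 192.168.1.30 ||
    echo "Open Directory has a stale IP on record (listed above)"
```

A non-zero status of 1 is the situation the reply describes, where `sudo changeip <old_ip> <new_ip>` was the fix even though `changeip -checkhostname` had succeeded.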

Jul 22, 2014 3:35 PM in response to crsrusl

This helped me with this same error.


Check your Keychains and the SERVER CERTIFICATE for the server you are trying to connect to ON the client side machines to make sure they have not expired...AND make sure the SERVER Certificate on the SERVER is selected for ALL services.


Check the System Prefs/Network - DNS entries of each of the connections like VPN or ETHERNET or WIFI and make sure they have the STATIC IP of the server and the server name.


In USERS and GROUPS / Join Network / Directory Utility / You MUST also add the SERVER to the Search Policy/ Authentication / Custom Path..and add your server... once you have added it to the LDAPv3 Service.


This all helped me with finally "binding of the directory" issues.

Nov 19, 2014 8:39 AM in response to crsrusl

I had this issue for a while and finally fixed it. I think the issue started because I updated the certificate for my server and the network computers wouldn't grab the new server certificate. Here is all that I did and it fixed the issue.


1. On your server, open up the server app and turn off DNS services for a minute and turn them back on.

2. On the DNS settings tab I removed the name server record that wasn't working and re-added it.


After about 5 minutes I was able to connect to the server and it's been working fine ever since!


Hope that helps some of you!
