Element ID / Rule name:
∗ This monitor indicates that Microsoft Project Web App could not access the Active Directory directory service.
∗ When an administrator browses to the "Active Directory Enterprise Resource Pool Synchronization" or "Add or Edit Group" page by using Project Web App, Project Web App checks the current availability of the Active Directory forests. This check determines whether the Find Group button on those pages is enabled.
∗ If the Find Group button is available, administrators can use it to choose which Active Directory group to use for synchronization.
One or more of the following situations might be the cause:
∗ The Microsoft Project Server application server is using a SharePoint Service Account (SA) account that does not have read access to Active Directory.
∗ The Project Server application server may no longer be joined to an Active Directory domain.
∗ The Project Server application server does not currently have network access to the domain.
∗ Ports required for Project Server and Active Directory to communicate are not open between the Project Server application server and the Active Directory store. This can occur if a firewall is configured to block a port described in the following list:
389/UDP – LDAP: LDAP is the Lightweight Directory Access Protocol that is designed to provide a standard way to access directory services. LDAP is the primary protocol used to access an Active Directory store.
636/TCP – LDAP over SSL: When Secure Sockets Layer (SSL) is enabled, the LDAP data that is transmitted and received is encrypted.
3268/TCP – Microsoft Global Catalog: Active Directory global catalogs listen on this port.
3269/TCP – Microsoft Global Catalog with LDAP/SSL: Microsoft global catalog SSL connections listen on this port.
Possible resolutions include:
∗ Verify that the service account used by the SA used by the Project Server application server is a domain account that has read access to Active Directory.
∗ Verify that the Project Server application server is joined to an Active Directory domain.
∗ Verify that the Project Server application server has network access.
∗ Verify that the ports listed in the previous section are open between the Active Directory store and the Project Server application server.