Resolve OpenDNS_Connector Kerberos or LDAP Log in Error Events

Available Languages

Download Options

  • PDF     (17.9 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (81.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (66.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 27, 2025
Document ID:225295

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to resolve Kerberos or LDAP login errors for the OpenDNS_Connector user when login events report DN not found.

    Problem

    This article applies to Connector errors where authentication to Kerberos and LDAP fails, but login events are still found. Login events indicate "DN not found."

    Solution

    You must verify and update the UserPrincipalName property for the opendns_connector user:

    1. Open the user properties for the opendns_connector account.

    2. Ensure the "UserPrincipalName" is defined with the email address of the account.

    3. Compare the UserPrincipalName value to another account to confirm format and expected definition.

    4. Update the value if necessary.

    Once you populate the UserPrincipalName field, the connector can resume proper operation.

    Cause

    A logon failure occurs due to an unknown user name or bad password. The logs display the issue as events are still found, but the system reports "DN not found."

    For example:

    Logon failure: unknown user name or bad password.
    7/22/2019 3:16:01 PM: Using NTLM for LDAP://10.0.0.31:389/DC=Nephrology,DC=com communication to fetch the DN
    7/16/2019 4:33:18 PM: DN not found!

    Revision History

    Revision Publish Date Comments
    1.0
    27-Oct-2025
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products