AD/LDAP Connector Shows UNABLE_TO_GET_ISSUER_CERT_LOCALLY Error

Overview

The Active Directory (AD)/Lightweight Directory Access Protocol (LDAP) Connector is offline and not working. When a user attempts to sign in using the AD/LDAP Connection, the following error is displayed: NotInThisNode. The connector logs show the following message:

UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Applies To
  • Active Directory/LDAP Connector
  • High Availability (HA) setup
  • Public cloud environment
  • Converged platform environment

Cause

The Certificate Authority is missing from the Trusted Root Certificate Authorities on the machine where the AD/LDAP Connector is installed. 

Solution

This section provides the steps to resolve the certificate issue for the AD/LDAP Connector.

High Availability Setup Troubleshooting

If the error occurs on the second machine in a High Availability setup, verify that the Trusted Root Certificate Authorities on the second machine match the first machine's Trusted Root Certificate Authorities.

Certificate Installation Steps

  1. For public cloud environments: Verify the ISRG Root X1 certificate is installed in the Trusted Store on the machine with the connector.

  2. For converged platform environments: Add the ISRG Root X2 certificate to the Trusted Store on the machine with the connector installed.
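The checks above can be scripted on the connector machine. The PowerShell below is an added example, not part of the original article or the vendor's tooling. The parameter names (-Environment, -ReferenceThumbprintFile) and the file roots-node1.txt are hypothetical, and it assumes the connector host is Windows and uses the LocalMachine\Root store.

```powershell
# Added example: audit the Trusted Root store used by the AD/LDAP Connector host.
param(
    [ValidateSet('PublicCloud', 'ConvergedPlatform')]
    [string]$Environment = 'PublicCloud',
    # Optional (hypothetical) thumbprint list exported from the first HA node with:
    #   (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint | Set-Content roots-node1.txt
    [string]$ReferenceThumbprintFile
)

# Root certificate the article names for each environment.
$rootName = @{ PublicCloud = 'ISRG Root X1'; ConvergedPlatform = 'ISRG Root X2' }[$Environment]

$store   = @(Get-ChildItem -Path Cert:\LocalMachine\Root)
$pattern = 'CN=' + [regex]::Escape($rootName) + '(,|$)'
$found   = @($store | Where-Object { $_.Subject -match $pattern })

if ($found.Count -eq 0) {
    Write-Warning "$rootName is not in LocalMachine\Root (matches the cause described above)."
} else {
    foreach ($cert in $found) {
        # An expired root fails chain building just like a missing one.
        $state = if ($cert.NotAfter -gt (Get-Date)) { 'valid' } else { 'EXPIRED' }
        '{0}: thumbprint {1}, expires {2:yyyy-MM-dd} ({3})' -f `
            $rootName, $cert.Thumbprint, $cert.NotAfter, $state
    }
}

# High Availability check: compare this node's roots with the first node's export.
if ($ReferenceThumbprintFile) {
    $reference = @(Get-Content -Path $ReferenceThumbprintFile |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $local = @($store | ForEach-Object { $_.Thumbprint })

    $missing = @($reference | Where-Object { $_ -notin $local })
    $extra   = @($store | Where-Object { $_.Thumbprint -notin $reference })

    foreach ($thumbprint in $missing) {
        Write-Warning "Trusted on node 1 but missing here: $thumbprint"
    }
    foreach ($cert in $extra) {
        # Roots present only on this node deserve review before they are trusted.
        Write-Warning "Trusted here but not on node 1: $($cert.Thumbprint) $($cert.Subject)"
    }
    if ($missing.Count -eq 0 -and $extra.Count -eq 0) {
        'Trusted Root stores match.'
    }
}
```

Before trusting a match by subject name, compare the reported thumbprint against the value the certificate's publisher lists, since any certificate can carry the same subject.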
