Domain Credential Phishing - LDAP fails to bind

Showing results for 
Search instead for 
Did you mean: 

Domain Credential Phishing - LDAP fails to bind

L2 Linker

Hi all,


I have been setting up the domain credential phishing with a colleague and we have run into an issue where the service account is unable to bind to the LDAP on the RODC. We have followed the troubleshooting guidelines in the following document but unfortunately we still hit the same issue. Has anyone else experienced this issue or knows how to remedy it?  


Troubleshooting document -


07/23/20 15:36:35:366 [ Info 2057]: ---------------Service is stopped---------------

07/23/20 15:36:35:366 [ Info 1917]: Service stopped.
07/23/20 15:36:36:694 [ Info 2038]: ------------Service is being started------------
07/23/20 15:36:36:710 [ Info 2045]: Os version is 6.2.0.
07/23/20 15:36:36:710 [ Info 389]: Load debug log level Info.
07/23/20 15:36:36:710 [ Info 247]: Service version is
07/23/20 15:36:36:710 [ Info 392]: Product version is 9.
07/23/20 15:36:36:710 [ Info 313]: Named pipe for UaService created.
07/23/20 15:37:11:069 [Error 542]: ldap_connect(AD service account) return(49) : ÀÝA

07/23/20 15:37:11:069 [Error 1073]: pan_ldap_bind() failed

07/23/20 15:37:11:069 [Error 1861]: ldap connect failed: 8ÝA


Cyber Elite
Cyber Elite


Like the article suggests, try running the service as Local System. If that doesnt work, use a Domain Admin account and run the service with it.



Thank you for the response. My colleague said he tried doing this but there was nothing in the logs for the local system account attempting to make the ldap bind. I am guessing the services were not stopped while the attempt was made.


Will be working on this later today and will post an update after.  

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!