We also recently upgraded our AD to Windows 2008 R2 native and didn't need to change anything in our apache / tomcat / shibboleth configuration other than switching the server names around during the actual upgrade.
The logs should show some error(s) which may pin down the error point, whether it's an LDAP issue or a missing bracket in an XML file.
Are you using plain ldap(s) or the globalcatalog port for the connection?
As we have a very similar setup, let me know if you want a 2nd set of eyes to have a look at the logs / config etc.
John Spence - BSD
Nottingham Trent University, UK
Tel 0115 848 8519
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Rod Widdowson
Sent: 07 December 2010 18:01
To: [log in to unmask]
Subject: Re: AD on Windows Server 2008 R2 - any issues?
I've used W2k8 extensively without problems. But not in this particular set up. I'm a bit confused when you say "using CAS" but also "authenticating against Active directory". Just to clarify my mind, when you say "switching our authentication from pointing the 2003 server to the 2008 server", what did you change?
> now we get the HTTP Status 404 error telling me Apache Tomcat is not
This might be as easy as an XML syntax issue. I'd first check the logs for anything obvious.
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Heather Peake
> Sent: 07 December 2010 12:58
> To: [log in to unmask]
> Subject: AD on Windows Server 2008 R2 - any issues?
> We have a version 2 IDP up and running on a Windows server with Apache
> using CAS and authenticating against Active Directory on a Windows Server 2003.
> They are migrating AD to a Windows server 2008 R2.
> Currently the AD is the same on both types of server. I just tried
> switching our authentication from pointing the 2003 server to the 2008
> server and now we get the HTTP Status 404 error telling me Apache Tomcat is not available.
> For the time being I've switched it back to the 2003 server, but long term this is in demise.
> Is there something significantly different between authenticating to
> 2003 and 2008 R2? Can anybody point me at appropriate info that I've
> clearly missed? I will admit to being not very good with Shibboleth and thus fairly hopeless at troubleshooting it.
> Today's foray into the unknown world of server 2008 was because we
> were getting reports from the Gale group resources saying we were not
> releasing attributes which made no sense as we have made no changes it
> was just chugging along happily. We had noticed a clock issue this morning and to be honest I was hoping that was it, but thought we would try the new AD server because it needed trying.