A new Defender 5.7 installation in a lab environment. The Administration console was installed first, then all the steps (schema, OU and MMC snapin plus control access rights). Then configured the service to use a service account and tested the LDAP, etc.
Then went to the Defender OU and added a Defender Security Server, but seeing a message that the version is unknown and that version 220.127.116.117 was required:
Quest Defender 5.7 - DSS showing as "unknown (18.104.22.1687 required)"
From the DSS log: Ldap failed (Insufficient Rights) writing DSS status.
Service account used for running the service has insufficient permissions.
Assign the service account the required permissions. The documentation suggests Domain Admin membership, but the delegation wizard can be used to delegate for service accounts (see more about this in the Defender Delegated Administration User Guide).
This may also occur when the Active Directory (AD) Defender security server object and the DSS service haven't synced up. Given enough time, possibly several minutes, they will sync and the red light on the "Security Server" tab of your DSS properties in AD will turn green.
Also, if the IP address on the security server object is not the same as the system running the DSS service, the sync will not complete. Verify that the IP address is correct.