
No LDAP after 9.0R3.2 upgrade on Port 636

New Contributor


Hi

This morning I upgraded our PSA5000-V from 9.0R2 to 9.0R3.2. But now, our LDAP with port 636 isn't working anymore.

 

LDAPS

For server xx.xx.xx.xx at port 636
LDAP Server is unreachable. Check the server address, port, and connection type.

 

With unencrypted it works

For server xx.xx.xx.xx at port 389
LDAP server is reachable.

 

Do you have any solution? Many thanks in advance.

LI

4 REPLIES
Moderator

Re: No LDAP after 9.0R3.2 upgrade on Port 636

# Please start the TCP dump on the VPN server and perform the "Test connection" on the LDAP auth instance page. Get the raw dump and check why the TCP/SSL handshake is failing, i.e. at which step, or who sends the TCP RST.

 

# Which LDAP server is being used?

 

"LDAP Server is unreachable. Check the server address, port, and connection type" ---- https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40396

# The EC curve issue with Windows Server 2016 was resolved in 9.0R3, hence 9.0R3.2 should not have this issue.

 

Moderator

Re: No LDAP after 9.0R3.2 upgrade on Port 636

Can you also confirm that that traffic is configured to flow out the internal port?
New Contributor

Re: No LDAP after 9.0R3.2 upgrade on Port 636

Yes, I can! The traffic runs through the internal ports. And it has worked until the new upgrade.

Occasional Contributor

Re: No LDAP after 9.0R3.2 upgrade on Port 636

Since you are talking about LDAP on port 636, I believe that you are talking about LDAPS.

In the last update, the LDAPS cipher suite finally follows what you configured under System > Configuration > Security > Outbound SSL Options.

 

Can you check your Outbound SSL Options and see if the cipher suite proposed is right? Also, a TCP dump capture can easily show you if there is an SSL negotiation issue.

Regards

Radu
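
The capture check suggested in the replies above, as an added example that is not part of the original thread: it reads the cipher suites the appliance proposed in its ClientHello and classifies the LDAP server's first answer (ServerHello, TLS alert, or nothing). The function names are hypothetical, the sample bytes are constructed, and it assumes each direction's TCP payload has already been extracted from the dump.

```python
import struct

# Alert descriptions most relevant to a failed negotiation (RFC 5246 values).
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def records(payload):
    """Yield (content_type, body) for each TLS record in a reassembled TCP payload."""
    pos = 0
    while pos + 5 <= len(payload):
        ctype, _version, length = struct.unpack_from("!BHH", payload, pos)
        yield ctype, payload[pos + 5:pos + 5 + length]
        pos += 5 + length

def _after_session_id(body):
    """Offset just past msg header (4), version (2), random (32) and session id."""
    return 39 + body[38]

def offered_suites(client_payload):
    """Cipher suite ids the client (here: the VPN appliance) proposed in its ClientHello."""
    for ctype, body in records(client_payload):
        if ctype == 22 and body[:1] == b"\x01":
            p = _after_session_id(body)
            (nbytes,) = struct.unpack_from("!H", body, p)
            return list(struct.unpack_from("!%dH" % (nbytes // 2), body, p + 2))
    return []

def server_verdict(server_payload):
    """Classify the first TLS record the LDAP server sent back."""
    for ctype, body in records(server_payload):
        if ctype == 21 and len(body) >= 2:            # alert: level, description
            return "alert:" + ALERTS.get(body[1], str(body[1]))
        if ctype == 22 and body[:1] == b"\x02":       # ServerHello
            (suite,) = struct.unpack_from("!H", body, _after_session_id(body))
            return "server_hello:0x%04X" % suite
    return "no_tls_reply"   # peer closed or reset before sending any TLS record

def _hello(msg_type, tail):
    """Build a minimal constructed hello record (zero random, empty session id)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + tail
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(msg).to_bytes(2, "big") + msg

# Constructed samples: client offers 0x009C and 0x002F; server answers with a fatal alert.
SAMPLE_CLIENT = _hello(1, b"\x00\x04\x00\x9c\x00\x2f\x01\x00")
SAMPLE_ALERT = b"\x15\x03\x03\x00\x02\x02\x28"
SAMPLE_SERVER_HELLO = _hello(2, b"\x00\x9c\x00")

if __name__ == "__main__":
    print([hex(s) for s in offered_suites(SAMPLE_CLIENT)], server_verdict(SAMPLE_ALERT))
```

A `handshake_failure` alert right after the ClientHello usually means none of the offered suites is acceptable to the server, which is the case the Outbound SSL Options setting controls; `no_tls_reply` points at a reset or close before TLS started.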