Hi
This morning I upgraded our PSA5000-V from 9.0R2 to 9.0R3.2. But now, our LDAP with port 636 isn't working anymore.
LDAPS
For server xx.xx.xx.xx at port 636
LDAP Server is unreachable. Check the server address, port, and connection type.
With unencrypted it works
For server xx.xx.xx.xx at port 389
LDAP server is reachable.
Do you have any solution? Many thanks in advance.
LI
# Please start the TCP dump on the VPN server and perform the "Test connection" on the LDAP auth instance page. Get the raw dump and check why the TCP / SSL handshake is failing, i.e. at which step, or who sends the TCP RST.
# Which LDAP server is being used?
"LDAP Server is unreachable. Check the server address, port, and connection type" ---- https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40396
# EC Curve issue with Windows server 2016 was resolved in 9.0R3, hence 9.0R3.2 should not have this issue.
Yes, I can! The traffic runs through the internal ports. And it has worked until the new upgrade.
Since you are talking about LDAP on port 636, I believe that you are talking about LDAPS.
In the last update, the LDAPS cipher suite finally follows what you configured under System > Configuration > Security > Outbound SSL Options
Can you check your Outbound SSL Options and see if the cipher suite proposed is right? Also, a TCP dump capture can easily show you if there is an SSL negotiation issue.
Regards
Radu
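Added example, not part of the original posts: a small Python parser for the plaintext TLS records in a TCP dump of the "Test connection" attempt. It reports which cipher suites the gateway offered and whether the LDAP server answered with a ServerHello or an alert. The sample bytes and all function names are constructed for illustration; it assumes each handshake message fits in one record and that each direction of the stream has been exported separately.

```python
import struct

# Subset of IANA TLS registry values, enough for the constructed samples below.
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
ALERTS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
          48: "unknown_ca", 70: "protocol_version", 71: "insufficient_security"}

def suite_name(code):
    return SUITES.get(code, "0x%04X" % code)

def parse_records(stream):
    """Walk the TLS records of one direction of a TCP stream, return events."""
    events, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(body) < length:                    # capture cut off mid-record
            events.append(("truncated", ctype))
            break
        if ctype == 20:                           # ChangeCipherSpec: rest is encrypted
            break
        if ctype == 21 and length == 2:           # plaintext alert: level, description
            events.append(("alert", ALERTS.get(body[1], str(body[1]))))
        elif ctype == 22 and length and body[0] in (1, 2):
            off = 4 + 2 + 32                      # handshake header, version, random
            off += 1 + body[off]                  # skip session_id
            if body[0] == 1:                      # ClientHello: list of offered suites
                (n,) = struct.unpack_from("!H", body, off)
                codes = struct.unpack_from("!%dH" % (n // 2), body, off + 2)
                events.append(("client_hello", [suite_name(c) for c in codes]))
            else:                                 # ServerHello: the single chosen suite
                events.append(("server_hello",
                               suite_name(struct.unpack_from("!H", body, off)[0])))
    return events

def diagnose(client_bytes, server_bytes):
    offered = next((v for k, v in parse_records(client_bytes) if k == "client_hello"), [])
    for kind, value in parse_records(server_bytes):
        if kind == "server_hello":
            return "server chose " + value
        if kind == "alert":
            return "server alert %s; offered: %s" % (value, ", ".join(offered))
    return "no TLS reply from server (look for a TCP RST or timeout)"

# Constructed samples: a ClientHello offering two RSA suites, and a fatal alert in reply.
SAMPLE_CLIENT = bytes.fromhex("160301002f0100002b0303" + "00" * 32 + "000004002f009c0100")
SAMPLE_SERVER = bytes.fromhex("15030300020228")
print(diagnose(SAMPLE_CLIENT, SAMPLE_SERVER))
```

A `handshake_failure` alert right after the ClientHello, with an offered list that does not overlap what the LDAP server accepts, points at the Outbound SSL Options cipher selection rather than at routing or the port.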