farokh.sanaee@h Frequent Contributor.

LDAP server cannot be connected for login authentication

Hi everyone,

I have an issue with my login using LDAPS. I have configured and reviewed it according to the documentation, but I still cannot connect via the console to the Logger using LDAP, and I get the below events in the logs:

.....

2017/10/18 11:51:05 WARN LdapModule:163 - Failed to connect to ldap server ldaps://dc02.xxxx.xx:636

2017/10/18 11:51:05 WARN LdapModule:163 - Failed to connect to ldap server ldaps://dc05.xxxx.xx:636

2017/10/18 11:51:05 ERROR JAASAuthenticationHandler:325 - Login attempt failed for sanaeef1: javax.security.auth.login.LoginException: None of the LDAP servers could be contacted.

2017/10/18 11:51:05 INFO JAASAuthenticationHandler:430 - is fallback authentication enabled? true

 

I've tested with openssl and the results are as below:

openssl s_client -connect dc02:636

CONNECTED(00000003)

depth=1 DC = fi, DC = xxxx, DC = xx CN = xxxx.xx RootCA

verify return:1

depth=0 CN = dc02.org.aalto.fi

verify return:1

---

Certificate chain

0 s:/CN=dc02.xxxxx.xx

   i:/DC=xxi/DC=xxxx/DC=org/CN=xxxxx.xxRootCA

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIHpzCCBY+gAwIBAgIKHyU4+QAAAAFc+jANBgkqhkiG9w0BAQUFADBeMRIwEAYK

CZImiZPyLGQBGRYCZmkxFTATBgoJkiaJk/ccccEZFgVhYWx0bzETMBEGCgmSJomT

...

...

No client certificate CA names sent

Server Temp Key: ECDH, prime256v1, 256 bits

SSL handshake has read 2477 bytes and written 385 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

   Protocol : TLSv1.2

   Cipher   : ECDHE-RSA-AES256-GCM-SHA384

   Session-ID: C8370000EDF2A214381CA476223F4FA4B2C5757EECBB40816EF78E2968F361B4

   Session-ID-ctx:

   Master-Key: 06245B2CD037EF6E1DDDCB92ED26BE4BFEDF0C0303915F589B897C7C75152BD7E16762B92938C40443D152EDAB8FF61F

   Key-Arg   : None

   Krb5 Principal: None

   PSK identity: None

   PSK identity hint: None

   Start Time: 1508318641

   Timeout   : 300 (sec)

   Verify return code: 0 (ok)

---

read:errno=104

 

I could not understand what could have gone wrong! If someone has had this issue, any help will be highly appreciated. Thanks in advance.

Br//Fred

dharshini2 Frequent Contributor.

Re: LDAP server cannot be connected for login authentication

Hi,

Did you manage to fix this issue? 

Thanks.

Micro Focus Expert

Re: LDAP server cannot be connected for login authentication

This is a very old issue, and that error points out that there is a network issue between the server and the AD/LDAP Server.

The easiest way to troubleshoot is just to take a tcpdump on both the ArcSight server and the AD server, to ensure traffic goes through properly to its destination.

-----------------------------------------------------------------------------------------
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort, and cannot be taken as official support replies.
//Marius
Arcsight_Logger_User Super Contributor.

Re: LDAP server cannot be connected for login authentication

Just an observation on an old post..


openssl s_client -connect dc02:636 returns a valid value, so it couldn't be a network issue.

Arcsight_Logger_User Super Contributor.

Re: LDAP server cannot be connected for login authentication

Resolved issue with help from support:

If you upgraded the Logger, back up and copy the previous copy of aps_keystore.jks to the current config:

find /opt | grep aps_keystore.jks --> this lists all old and current aps_keystore.jks files on your system

cp <old aps_keystore.jks> to current aps path --> replace file

Log in to the console, System Admin, client auth certs

Delete all certs and import your domain controller cert(s), CA intermediate cert and root cert

Check the auth tab and make sure the LDAPS config ldaps://<fqdn or ip address>:636 matches the cert subject

Restart Logger services and try again
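
The "matches the cert subject" check from the steps above, as an added example that is not part of the original post or of the product: it compares the host in the configured ldaps:// URL with the subject CN and subjectAltName entries printed by openssl. The function names, hostnames and sample certificate text are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the thread. Hostnames and certificate text are constructed.

# Host part of an LDAPS URL, lowercased: ldaps://DC02.example.test:636 -> dc02.example.test
# (IPv6 literals in brackets are not handled.)
ldaps_host() {
  local u="${1#ldaps://}"
  u="${u%%/*}"
  printf '%s\n' "${u%%:*}" | tr '[:upper:]' '[:lower:]'
}

# Names a certificate is issued for, read from the text printed by
#   openssl x509 -noout -subject -ext subjectAltName   (OpenSSL 1.1.1 or later)
cert_names() {
  local text; text=$(cat)
  {
    printf '%s\n' "$text" | sed -n 's|^subject=.*CN *= *\([^,/]*\).*|\1|p'
    printf '%s\n' "$text" | tr ',' '\n' | sed -n 's/^ *DNS://p; s/^ *IP Address://p'
  } | tr '[:upper:]' '[:lower:]'
}

# Succeeds if HOST equals one of the names or matches a leftmost-label wildcard.
host_matches_cert() {
  local host="$1" names name
  names=$(cert_names)
  while IFS= read -r name; do
    [ "$name" = "$host" ] && return 0
    case $name in
      '*.'*) [ "$host" != "${host#*.}" ] && [ "${host#*.}" = "${name#??}" ] && return 0 ;;
    esac
  done <<EOF
$names
EOF
  return 1
}

# Compare the URL configured on the auth tab with the certificate text on stdin.
check_ldaps_url() {
  local host; host=$(ldaps_host "$1")
  if host_matches_cert "$host"; then
    echo "OK: $host is named in the certificate"
  else
    echo "MISMATCH: $host is not named in the certificate"; return 1
  fi
}

# Constructed sample of the openssl output for a domain controller certificate.
SAMPLE_CERT_TEXT='subject=DC = test, DC = example, CN = dc02.example.test
X509v3 Subject Alternative Name:
    DNS:dc02.example.test, DNS:*.ad.example.test, IP Address:192.0.2.10'
```

Against a live server, pipe `openssl s_client -connect <host>:636 </dev/null | openssl x509 -noout -subject -ext subjectAltName` into `check_ldaps_url ldaps://<host>:636`. Where available, `openssl x509 -noout -checkhost <host>` performs the same comparison with OpenSSL's own matching rules.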

 

bezchleba@axent1 Respected Contributor.

Re: LDAP server cannot be connected for login authentication

Hello, 

thank you very much, you probably saved us from reinstalling ArcMC. It works!

Josef
