Saturday, July 18, 2015

LDAP error making connection from DMZ

Hi Readers,

Just want to share an issue that we faced and resolved recently on our Email Gateway appliances. We were not able to make LDAP connections to the domain controllers from the DMZ.

This was happening intermittently: sometimes the connection was successful and sometimes it failed. A similar configuration was working perfectly fine for another site.

For this particular site it was failing intermittently, and when checking, below were the results, which changed with every check :)

[Image: IP]

Even the Telnet test was sometimes connecting and sometimes just stuck trying to connect.

On troubleshooting further, it was found that the firewall was dropping the reverse/acknowledgement traffic from the LDAP servers back to the Email Gateways.

[Image: ip2]
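A repeated TCP connect probe makes this kind of intermittent failure measurable: a timeout means no reply ever came back (consistent with return traffic being dropped in the path), while a refusal means the host itself answered. This is an added example, not code from the original post; port 389, the function names and the verdict wording are assumptions made for illustration.

```python
import socket
import time
from collections import Counter

LDAP_PORT = 389  # assumption: plain LDAP; the post does not state the port

def probe(host, port=LDAP_PORT, timeout=3.0):
    """One TCP connect attempt, classified by how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"   # full handshake: the SYN-ACK made it back
    except (socket.timeout, TimeoutError):
        return "timeout"         # no reply seen: lost or dropped in the path
    except ConnectionRefusedError:
        return "refused"         # RST came back: host reachable, port closed
    except OSError:
        return "error"           # DNS failure, no route, etc.

def summarize(outcomes):
    """Counts per outcome plus a one-line reading of the pattern."""
    counts = Counter(outcomes)
    ok, lost = counts["connected"], counts["timeout"]
    if ok and lost:
        verdict = "intermittent: check stateful devices in the path"
    elif lost:
        verdict = "blocked: no replies at all"
    elif counts["refused"]:
        verdict = "host answers but port is closed"
    elif ok:
        verdict = "healthy"
    else:
        verdict = "inconclusive"
    return dict(counts), verdict

def run(hosts, port=LDAP_PORT, attempts=20, delay=0.5, timeout=3.0):
    """Probe each host repeatedly so a one-off success cannot hide drops."""
    report = {}
    for host in hosts:
        outcomes = []
        for _ in range(attempts):
            outcomes.append(probe(host, port, timeout))
            time.sleep(delay)
        report[host] = summarize(outcomes)
    return report

if __name__ == "__main__":
    # Offline demo against a local listener (constructed target, not a real DC).
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    print(run(["127.0.0.1"], port=srv.getsockname()[1], attempts=3, delay=0))
    srv.close()
```

Running it from the gateway against each domain controller, and again from a host on the inside of the firewall, shows whether the timeouts appear only on the path that crosses the firewall.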

There is a bug in the SecureXL feature of the firewall version we are using that was causing this behavior; as soon as we disabled it, our stuff started working again :)

SecureXL is a software acceleration product installed on Security Gateways. SecureXL network acceleration techniques deliver wire-speed performance for Security Gateways. SecureXL is implemented either in software, or in hardware.

The solution is to apply a fix from the vendor or to disable this feature.

If you are in a similar situation, consider the above troubleshooting, as it took a lot of our time to figure this out. (All teams were saying that everything was fine at their end until our firewall expert found it.)

Regards

Sukhija Vikas

http://msexchange.me
