"secd.ldap.noServers" in EMS when using SSL/TLS
Applies to
- ONTAP
- Third party LDAP servers
- SSL/TLS
Issue
- After enabling SSL/TLS on an existing LDAP configuration, the following messages start appearing in EMS:
secd.ldap.noServers: None of the LDAP servers configured for Vserver (VS1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
secd.ldap.noServers: None of the LDAP servers configured for Vserver (VS1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: MapNetbiosDomainToADDomain).
- Secd logs contain some of the following entries:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
RESULT_ERROR_LDAPSERVER_SERVER_DOWN:7642
LDAP TLS Alert generated is 'fatal:decrypt error'
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
RESULT_ERROR_LDAPSERVER_CONNECT_ERROR:7652
- Access to storage resources may be impacted, depending on the configuration, because connections to the LDAP server are no longer possible
- An expired certificate may be denoted by an EMS log entry such as:
secd: secd.unexpectedFailure:debug]: vserver (VSERVER) Unexpected failure.
Error: Get DC Info procedure failed CIFS Domain Query via LSAR_DS_ROLE_GET_DOMAIN_INFO - Client Ip = X.X.X.X
User = DOMAIN\USER ...
[ 236] Successfully connected to ip X.X.X.X, port 389 using TCP
[ 377] Unable to start TLS: Connect error
[ 377] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
...
- The expiration date in the output of the following command indicates expiry:
security certificate show
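
To triage the secd entries quoted above, the OpenSSL error strings can be split into their code, library, function and reason fields, and the "certificate has expired" detail flagged. This Python script is an added example, not part of the original article or of ONTAP; the function name `triage` and the report keys are assumptions, and the sample lines are taken from the excerpts on this page.

```python
import re

# OpenSSL error strings: error:<hex code>:<library>:<function>:<reason>
# The excerpt above also shows an optional "(detail)" suffix after the reason.
OPENSSL_ERR = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):"
    r"(?P<reason>[^()]+?)\s*(?:\((?P<detail>[^)]*)\))?\s*$"
)
CONNECTED = re.compile(r"Successfully connected to ip (?P<ip>\S+), port (?P<port>\d+)")
STARTTLS_FAILED = re.compile(r"Unable to start TLS")

# Sample input: lines taken from the log excerpts on this page.
SAMPLE = [
    "[ 236] Successfully connected to ip X.X.X.X, port 389 using TCP",
    "[ 377] Unable to start TLS: Connect error",
    "[ 377] Additional info: error:14090086:SSL routines:"
    "ssl3_get_server_certificate:certificate verify failed (certificate has expired)",
    "error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01",
]


def triage(lines):
    """Summarise the TCP connect, StartTLS and OpenSSL entries in secd lines."""
    report = {"connected": [], "starttls_failed": False, "openssl": [], "expired": False}
    for line in lines:
        if m := CONNECTED.search(line):
            # TCP reached the server, so a later failure is at the TLS layer.
            report["connected"].append((m["ip"], int(m["port"])))
        if STARTTLS_FAILED.search(line):
            report["starttls_failed"] = True
        if m := OPENSSL_ERR.search(line):
            entry = m.groupdict()
            entry["reason"] = entry["reason"].strip()
            report["openssl"].append(entry)
            # The page ties this detail text to an expired certificate.
            if entry["detail"] == "certificate has expired":
                report["expired"] = True
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```
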