LDAP error making connection from DMZ

Hi Readers,

Just want to share an issue that we faced and resolved recently on our Email Gateway appliances. We were not able to make an LDAP connection to the domain controllers from the DMZ.

This was happening intermittently: sometimes the connection was successful and sometimes it failed. A similar configuration was working perfectly fine for another site.

For this particular site it was intermittently failing, and when checking, below were the results, which changed with every check 🙂

[Image: IP]

Even the Telnet test was sometimes connecting and sometimes just stuck trying to connect.

On troubleshooting further, it was found that the firewall was dropping the reverse/acknowledgement traffic from the LDAP servers back to the Email Gateways.

[Image: ip2]

There is a bug in the SecureXL feature of the firewall version we are using that was causing this behavior; as soon as we disabled it, our stuff started working again 🙂

SecureXL is a software acceleration product installed on Security Gateways. SecureXL network acceleration techniques deliver wire-speed performance for Security Gateways. SecureXL is implemented either in software, or in hardware.

The solution is to apply a fix from the vendor or to disable this feature.

If you are in a similar situation, consider the above troubleshooting, as it took a lot of our time to figure this out. (All teams were pointing out that everything was fine at their end until our firewall expert found it.)
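The repeated Telnet-style check described above can be scripted so the intermittent pattern is recorded rather than observed by hand. This is an added example, not part of the original post; it assumes the standard LDAP port 389 and a placeholder host name, and it separates a silent timeout (handshake never completes, as when return traffic is dropped on the path) from an active refusal (the host answered, nothing is listening).

```python
import socket
import time
from collections import Counter

LDAP_PORT = 389  # standard LDAP port; assumption, the post does not name the port


def probe_once(host, port=LDAP_PORT, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except (socket.timeout, TimeoutError):
        # Handshake never completed: the Telnet "stuck trying to connect" case,
        # consistent with a device silently dropping traffic on the path.
        return "timeout"
    except ConnectionRefusedError:
        # A reset came back: the path works both ways, nothing is listening.
        return "refused"
    except OSError as exc:
        return "error:" + type(exc).__name__


def probe_many(host, port=LDAP_PORT, attempts=20, timeout=3.0, pause=0.5):
    """Repeat the probe and tally outcomes so intermittent failures show up."""
    tally = Counter()
    for i in range(attempts):
        tally[probe_once(host, port, timeout)] += 1
        if i < attempts - 1:
            time.sleep(pause)
    return tally


def verdict(tally):
    """Turn the tally into a one-line finding to hand to the firewall team."""
    total = sum(tally.values())
    if tally["connected"] == total:
        return "stable"
    if tally["connected"] and tally["timeout"]:
        return "intermittent drops"
    if tally["timeout"] == total:
        return "blocked or unreachable"
    return "service or host problem"


if __name__ == "__main__":
    # dc01.example.internal is a placeholder host name, not from the post
    results = probe_many("dc01.example.internal")
    print(dict(results), "->", verdict(results))
```

Run it from the DMZ host against each domain controller; a mix of "connected" and "timeout" with no "refused" points at the network path rather than the LDAP service.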

Regards

Sukhija Vikas

http://msexchange.me
