03/03/2024 10:05 AM
AD connection is failing intermittently while using an SSL certificate. Below are the errors we are getting:
App1 Logs
javax.naming.CommunicationException: segotn1014.qrds.volvo.com:636 [Root exception is javax.net.ssl.SSLException: Read timed out]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:243)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1615)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2849)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:695)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at com.saviynt.ldap.SaviyntGroovyLdapService.verifyDN(SaviyntGroovyLdapService.groovy:9663)
    at com.saviynt.ldap.SaviyntGroovyLdapService.getConnection(SaviyntGroovyLdapService.groovy:3865)
    at com.saviynt.ldap.SaviyntGroovyLdapService.testADConnection(SaviyntGroovyLdapService.groovy:5162)
    at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:982)
    at com.saviynt.ecm.utility.domain.EcmConfigController$_closure21.doCall(EcmConfigController.groovy:769)
    at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159)
    at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
    at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59)
    at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69)
    at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
    at java.lang.Thread.run(Thread.java:750)
Caused by: javax.net.ssl.SSLException: Read timed out
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:398)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:220)
    ... 25 more
Caused by: java.net.SocketTimeoutException: Read timed out
    at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
    at java.net.SocketInputStream.read(SocketInputStream.java:171)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    ... 27 more
App2 Logs
javax.naming.NamingException: LDAP response read timed out, timeout used: 10000 ms.
    at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:129)
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:469)
    at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:365)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2897)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:347)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:229)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:247)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:695)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at com.saviynt.ldap.SaviyntGroovyLdapService.verifyDN(SaviyntGroovyLdapService.groovy:9663)
    at com.saviynt.ldap.SaviyntGroovyLdapService.getConnection(SaviyntGroovyLdapService.groovy:3865)
    at com.saviynt.ldap.SaviyntGroovyLdapService.testADConnection(SaviyntGroovyLdapService.groovy:5162)
    at com.saviynt.ecm.integration.ExternalConnectionCallService.testExternalConnection(ExternalConnectionCallService.groovy:982)
    at com.saviynt.ecm.utility.domain.EcmConfigController$_closure21.doCall(EcmConfigController.groovy:769)
    at grails.plugin.springsecurity.web.filter.GrailsAnonymousAuthenticationFilter.doFilter(GrailsAnonymousAuthenticationFilter.java:53)
    at com.saviynt.webservice.SaviyntRestAuthenticationFilter.doFilter(SaviyntRestAuthenticationFilter.groovy:159)
    at grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter.doFilter(MutableLogoutFilter.java:62)
    at grails.plugin.springsecurity.web.SecurityRequestHolderFilter.doFilter(SecurityRequestHolderFilter.java:59)
    at com.mrhaki.grails.plugin.xframeoptions.web.XFrameOptionsFilter.doFilterInternal(XFrameOptionsFilter.java:69)
    at com.brandseye.cors.CorsFilter.doFilter(CorsFilter.java:82)
    at java.lang.Thread.run(Thread.java:750)
Could someone please suggest a solution to fix this?
03/03/2024 07:33 PM
@yogeshkumar
1. Are you using the Root cert?
2. Are you connecting to an individual DC?
3. If it is failing intermittently, check if it is failing on any specific DC. Make sure you also check the LDAP logs.
03/08/2024 04:28 AM
Thanks @stalluri for your response
Please find my inline responses below:
1. Are you using the Root cert? >> Yes
2. Are you connecting to an individual DC? >> We are connecting to an individual host name (LDAP server)
3. If it is failing intermittently, check if it is failing on any specific DC. Make sure you also check the LDAP logs. >> Unable to find any error logs in the Windows Security event logs
03/10/2024 07:29 PM
Make sure the SSL certificate is loaded on each Saviynt server, and check in the AD logs which server the request is coming from.
03/17/2024 08:31 PM
We have not observed any errors in the AD logs, and the certificate is also loaded on the Saviynt server, but we are still getting the error. Sharing more logs for reference:
Error while saving the Connection: java.lang.Exception: Invalid SSL Certificate. Target Error Message: [java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]. Add a new Certificate to the Connection and restart instance.
03/17/2024 08:36 PM
This is an intermittent connection failure issue. We have tried various certificates and have also not observed any errors in the LDAP logs. Please suggest if anyone has an idea on this:
Error while saving the Connection: java.lang.Exception: Invalid SSL Certificate. Target Error Message: [java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty]. Add a new Certificate to the Connection and restart instance.
04/25/2024 10:55 AM
@yogeshkumar were you able to resolve that error? If so, what was the issue? I am seeing the same thing.
04/25/2024 07:30 PM
Check with the AD/network team whether there are any network latency issues.
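
Added example, not part of the thread and not Saviynt code: a standalone Java check for the two symptoms posted above. The JDK raises "the trustAnchors parameter must be non-empty" when the trust store it loaded holds no trusted certificate entries, and the probe shows whether the TCP connect or the TLS handshake is the phase that times out. It assumes the trust store is the one named by the standard `javax.net.ssl.trustStore` system property; the class name `LdapsDiag`, the `changeit` fallback password and the 10000 ms timeout (copied from the App2 log) are assumptions of the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class LdapsDiag {
    // Count trusted-certificate entries, then build PKIX parameters from the store.
    static String checkTrustStore(KeyStore ks) throws Exception {
        int trusted = 0;
        for (String a : Collections.list(ks.aliases())) if (ks.isCertificateEntry(a)) trusted++;
        try {
            new PKIXParameters(ks); // throws if the store holds no trusted certificate
            return "trust store OK, trusted entries: " + trusted;
        } catch (InvalidAlgorithmParameterException e) {
            return "trust store unusable (" + trusted + " trusted entries): " + e.getMessage();
        }
    }

    // Report which phase (TCP connect or TLS handshake) fails and after how long.
    static String probe(String host, int port, int timeoutMs) {
        String phase = "connect";
        long t0 = System.currentTimeMillis();
        try (SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault().createSocket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            phase = "handshake";
            s.setSoTimeout(timeoutMs); // bounds each read while handshaking
            s.startHandshake();
            return "ok in " + (System.currentTimeMillis() - t0) + " ms";
        } catch (Exception e) {
            return phase + " failed after " + (System.currentTimeMillis() - t0) + " ms: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        String path = System.getProperty("javax.net.ssl.trustStore");
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        try (InputStream in = path == null ? null : new FileInputStream(path)) {
            ks.load(in, pw.toCharArray()); // null stream: constructed empty store, runs offline
        }
        System.out.println(checkTrustStore(ks));
        for (int i = 0; args.length == 2 && i < 5; i++) // repeat: the failure is intermittent
            System.out.println(probe(args[0], Integer.parseInt(args[1]), 10000));
    }
}
```

Run with no arguments, it reproduces the trustAnchors message from an empty store; run with `-Djavax.net.ssl.trustStore=<path>` plus a host and port, on each application server in turn, it shows whether one node has an empty store or a slow handshake.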