01-20-2016 10:50 AM
Hi Team.
We have received some alerts like this:
"The query x.accept failed with result inquiry timed out".
Please let me know if we can make any correction in the ESA, or whether this timeout is caused by the client network or the server.
Best Regards
01-20-2016 04:18 PM
Hello Guillermo,
Generally I would request during the time frames when you may be seeing this.
Please go to GUI > System Admin > LDAP
Test connection to your LDAP servers
Then test the LDAP accept queries as well.
Possibly there was a slight network interruption causing the LDAP queries to not get a response within 20 seconds and thus generated these app faults during this time frame.
If all connections are fine, then the alerts should be safe to ignore; however, if it happens frequently during specific time frames, I would strongly suggest consulting your network team or running the tests to see what may be interrupting the LDAP queries.
Regards,
Matthew
01-21-2016 02:36 PM
Hi Matthew.
I ran the test and it appears successful in the GUI (System Administration - LDAP). But the logs in the CLI show this info:
Thu Jan 21 15:23:39 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (60) Connection interrupted (writer)
Thu Jan 21 15:23:39 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (71) connecting to server
Thu Jan 21 15:23:39 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (71) connected to server
Thu Jan 21 15:23:39 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (72) connecting to server
Thu Jan 21 15:23:39 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (72) connected to server
Thu Jan 21 15:24:09 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (63) read timeout
Thu Jan 21 15:24:09 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (63) Connection interrupted (writer)
Thu Jan 21 15:24:09 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (73) connecting to server
Thu Jan 21 15:24:09 2016 Debug: LDAP: chachoindependiente:10.101.98.44(10.101.98.44:3268) (73) connected to server
No user queries to LDAP appear. Could you tell me if these interruptions are caused by the firewall? I made a telnet and the connection is established too.
Thanks and Regards
01-21-2016 02:42 PM
Hello Guillermo,
The connection interrupted (writer) would generally be the connection cut due to inactivity, more often than not.
The concern here is the read timeout.
It looks like there is a connection issue to the LDAP servers you have configured on port 3268.
Please note that the ESA is set to allow a connection to remain open for up to 10,000 queries or 6 hours before it closes the connection. Based on this, if the AD server is not configured to match or exceed this, then these errors can be seen. You may also want to check to ensure that any firewalls are configured for the same settings as firewalls have been known to exhibit the same symptoms by limiting the timeouts on the connection. This will often be seen as an out of sequence communication and the query request will be silently dropped.
Regards,
Matthew
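Added example, not part of the original thread or of Cisco's tooling: a small parser for the debug log format posted above that separates connections that hit a read timeout (the case flagged as the concern in the reply above) from those that were only interrupted. The profile name and address in the sample are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log lines posted above
# (profile name and address are placeholders, not values from the thread).
SAMPLE = """\
Thu Jan 21 15:23:39 2016 Debug: LDAP: ldapprofile:192.0.2.10(192.0.2.10:3268) (60) Connection interrupted (writer)
Thu Jan 21 15:23:39 2016 Debug: LDAP: ldapprofile:192.0.2.10(192.0.2.10:3268) (71) connecting to server
Thu Jan 21 15:23:39 2016 Debug: LDAP: ldapprofile:192.0.2.10(192.0.2.10:3268) (71) connected to server
Thu Jan 21 15:24:09 2016 Debug: LDAP: ldapprofile:192.0.2.10(192.0.2.10:3268) (63) read timeout
Thu Jan 21 15:24:09 2016 Debug: LDAP: ldapprofile:192.0.2.10(192.0.2.10:3268) (63) Connection interrupted (writer)
Thu Jan 21 15:24:09 2016 Debug: LDAP: ldapprofile:192.0.2.10(192.0.2.10:3268) (73) connecting to server
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \w+: LDAP: "
    r"(?P<profile>[^:]+):\S+\((?P<host>[^:()]+):(?P<port>\d+)\) "
    r"\((?P<conn>\d+)\) (?P<event>.+)$"
)

def summarize(text):
    """Group events per (host, port, connection id) and classify each connection."""
    conns = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an LDAP debug line in this format
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        conns[(m["host"], int(m["port"]), int(m["conn"]))].append((ts, m["event"]))
    report = {"read_timeout": [], "interrupted_only": [], "opened": []}
    for key, events in sorted(conns.items()):
        names = [e for _, e in events]
        if "read timeout" in names:
            report["read_timeout"].append(key)       # server or path stopped answering
        elif any(n.startswith("Connection interrupted") for n in names):
            report["interrupted_only"].append(key)   # cut without a timeout logged
        if "connected to server" in names:
            report["opened"].append(key)             # reconnect completed
    return report
```

A growing `read_timeout` list against one host and port points at the server or an intermediate firewall rather than at the ESA's own connection recycling.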
01-22-2016 08:35 AM
Hi Matthew.
One last question.
Which ports do we need to open in the firewall for good communication with the LDAP server?
Thanks a lot for your help.
Best Regards
01-22-2016 11:03 AM
Check the user guide -- we post the recommended firewall ports for all services supported through ESA there --- Appendix D:
http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7_User_Guide.pdf
-Robert
01-22-2016 11:25 AM
Robert, Matthew.
Thanks a lot for your help.
Regards