Solved: Failed LDAP Querys a Problem or just normal by desing?

Claudius_Ruecker · ‎07-11-2012

Hey Dudes,

i wacht our LDAP Log cause our IronPort some times, mostley once a week, send us a Mail that one LDAP-Query failed. After watching the Log i am a little bit confused. There are lot`s of Entrys like this over the day:

Thu Jul 12 08:34:35 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (662) connecting to server
Thu Jul 12 08:34:35 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (662) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (632) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (632) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (642) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (642) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (633) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (633) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (643) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (643) connected to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (653) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (653) Connection interrupted (writer)
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (663) connecting to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (663) connected to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57850) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) this server marked DOWN
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57850) Connection interrupted (writer)
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57860) connecting to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57860) connected to server

This are different Querrys to different DC`s. I testet the Querys in the IronPort and they work fine. It seems for me that everything is ok but why did i get these Errors in the Log? Can they be ignored?

Regards Claudius

Thu Jul 12 08:34:35 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (662) connecting to server
Thu Jul 12 08:34:35 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (662) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (632) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (632) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (642) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (642) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (633) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (633) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (643) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (643) connected to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (653) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (653) Connection interrupted (writer)
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (663) connecting to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (663) connected to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57850) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) this server marked DOWN
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57850) Connection interrupted (writer)
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57860) connecting to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57860) connected to server

donnylee · ‎07-21-2012

Hi Claudius,

The IronPort is not in active production mode, the above logs can be considered as normal behavior and can be safely ignored.

The doman controller has an idle timeoout of 900 seconds for LDAP sessions by default. The appliance will always establish all concurrent connections to the LDAP server to be ready to send query. If the traffic on the appliance is low, for example a spare unit, the default timeout of the AD Domain Controller may apply and interrupt the connecton.
If the mail traffic volume has become normal again, these logs will disappear.

The IronPort ESA has hardcoded timeout for LDAP connections, i.e.: 6 hours or 10,000 queuries, whichever comes first.

I hope this helps.

Regards,
Donny

View solution in original post

donnylee · ‎07-21-2012