Cisco Secure Email Support Community

Claudius_Ruecker
Beginner

Failed LDAP queries: a problem or just normal by design?

Hey Dudes,

I watch our LDAP log because our IronPort sometimes, mostly once a week, sends us a mail that one LDAP query failed. After watching the log I am a little bit confused. There are lots of entries like this over the day:

Thu Jul 12 08:34:35 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (662) connecting to server
Thu Jul 12 08:34:35 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (662) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (632) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (632) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (642) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (642) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (633) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (633) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (643) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (643) connected to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (653) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (653) Connection interrupted (writer)
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (663) connecting to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (663) connected to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57850) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) this server marked DOWN
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57850) Connection interrupted (writer)
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57860) connecting to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57860) connected to server

These are different queries to different DCs. I tested the queries in the IronPort and they work fine. It seems to me that everything is OK, but why did I get these errors in the log? Can they be ignored?

Regards Claudius

Thu Jul 12 08:34:35 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (662) connecting to server
Thu Jul 12 08:34:35 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (662) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (632) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (632) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (642) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (642) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (633) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (633) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (643) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: Media.int:10.157.128.103(10.157.128.103:3268) (643) connected to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (653) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (653) Connection interrupted (writer)
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (663) connecting to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: Media.int:10.157.128.105(10.157.128.105:3268) (663) connected to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57850) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) this server marked DOWN
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57850) Connection interrupted (writer)
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57860) connecting to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: SRF:10.176.32.26(10.176.32.26:3268) (57860) connected to server


1 ACCEPTED SOLUTION

donnylee
Cisco Employee

Hi Claudius,

The IronPort is not in active production mode; the above logs can be considered as normal behavior and can be safely ignored.

The domain controller has an idle timeout of 900 seconds for LDAP sessions by default. The appliance will always establish all concurrent connections to the LDAP server to be ready to send queries. If the traffic on the appliance is low, for example a spare unit, the default timeout of the AD Domain Controller may apply and interrupt the connection.
If the mail traffic volume has become normal again, these logs will disappear.

The IronPort ESA has a hardcoded timeout for LDAP connections, i.e. 6 hours or 10,000 queries, whichever comes first.

I hope this helps.

Regards,
Donny
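
An added example, not part of the original thread and not Cisco tooling: a Python triage of the LDAP debug log that measures how long each connection lived before "Connection reset by peer" and compares it with the 900-second idle timeout named in the answer above. The sample lines, host names and the `triage` function are constructed for illustration; only the log line format is taken from the post.

```python
import re
from datetime import datetime

IDLE_TIMEOUT = 900  # seconds; DC default as stated in the answer above

LINE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) Debug: LDAP: (\S+) "
    r"(?:\((\d+)\) )?(.+)$"
)

# Constructed sample in the format quoted in the question (not the poster's data).
SAMPLE = """\
Thu Jul 12 08:20:15 2012 Debug: LDAP: dc1.example:192.0.2.10(192.0.2.10:3268) (632) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: dc1.example:192.0.2.10(192.0.2.10:3268) (632) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: dc1.example:192.0.2.10(192.0.2.10:3268) (642) connected to server
Thu Jul 12 08:35:40 2012 Debug: LDAP: dc1.example:192.0.2.10(192.0.2.10:3268) (642) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:13 2012 Debug: LDAP: dc2.example:192.0.2.20(192.0.2.20:3268) (57850) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:13 2012 Debug: LDAP: dc2.example:192.0.2.20(192.0.2.20:3268) this server marked DOWN
"""

def triage(log_text, idle_timeout=IDLE_TIMEOUT):
    """Return (resets, down); resets holds
    (server, conn_id, lifetime_seconds_or_None, verdict) tuples."""
    connected, resets, down = {}, [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an LDAP debug line
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        server, conn, msg = m.group(2), m.group(3), m.group(4)
        if msg == "connected to server":
            connected[(server, conn)] = ts
        elif msg.startswith("Connection Error:") and "reset by peer" in msg:
            start = connected.pop((server, conn), None)
            if start is None:  # connect happened before this log excerpt
                resets.append((server, conn, None, "unknown: connect not in log window"))
                continue
            life = int((ts - start).total_seconds())
            # A lifetime >= idle_timeout is only *consistent* with an idle drop;
            # a shorter one cannot be explained by the idle timeout at all.
            verdict = ("consistent with idle timeout" if life >= idle_timeout
                       else "reset before idle timeout: investigate")
            resets.append((server, conn, life, verdict))
        elif msg == "this server marked DOWN":
            down[server] = down.get(server, 0) + 1
    return resets, down

if __name__ == "__main__":
    resets, down = triage(SAMPLE)
    for entry in resets:
        print(entry)
    print("marked DOWN:", down)
```

Run it over a full day of the log rather than a short excerpt, otherwise most resets fall into the "unknown" bucket because the matching connect line is outside the window.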
