05-06-2015 02:52 AM
Hi all,
i have a problem with LDAP checking for incoming email in clusterconfig.
It seems that after building the clusterconfig only uses the LDAP certificate of the cluster creator ESA causing all LDAP checks on secondary ESA dropping for LDAP error. Unable to process message 37030. Message requeued.
Is this possible? What should be the correct LDAP configuration when config clustering ESA ?
thanks all
smaikol
Solved! Go to Solution.
05-07-2015 10:13 AM
Hello Michele,
When a new machine joins the cluster, all existing config is replaced.
In regard to cluster and certificates you have following two option:
1. Get SAN or wildcard cert which can be used at cluster level
2. if you already have machine / host specific certificates then move the certificate config to machine level.
The precedence of config for appliance is cluster is Machine -> Group -> Cluster. high to low respectively.
For second tin, please do following:
GUI -> Network -> Certificates
Click Manage Configuration
Create New machine Level Config for All appliances in cluster of certificates
Install the certificates
NOTE: Keep Name of Certificate same
Submit and commit.
If you have any further issues, please feel to open case with TAC.
Thanks
Nasir Abbas
05-07-2015 10:13 AM
Hello Michele,
When a new machine joins the cluster, all existing config is replaced.
In regard to cluster and certificates you have following two option:
1. Get SAN or wildcard cert which can be used at cluster level
2. if you already have machine / host specific certificates then move the certificate config to machine level.
The precedence of config for appliance is cluster is Machine -> Group -> Cluster. high to low respectively.
For second tin, please do following:
GUI -> Network -> Certificates
Click Manage Configuration
Create New machine Level Config for All appliances in cluster of certificates
Install the certificates
NOTE: Keep Name of Certificate same
Submit and commit.
If you have any further issues, please feel to open case with TAC.
Thanks
Nasir Abbas
05-10-2015 12:19 AM
Hi Nasir,
thanks a lot for your info, can i use this procedure for the cluster certificate?
http://enterpriseit.co/ironport/how-to-setup-ssl-certificate-on-ironport/
should i remove the 2nd ESA and add it again and THEN create the certificate? should i remove the single endpoint certificate?
thanks,
smaikol
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide