Cisco Support Community
New Member

Failed LDAP queries: a problem or just normal by design?

Hey Dudes,

I watch our LDAP log because our IronPort sometimes, mostly once a week, sends us a mail saying that one LDAP query failed. After watching the log I am a little bit confused. There are lots of entries like this over the day:

Thu Jul 12 08:34:35 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (662) connecting to server
Thu Jul 12 08:34:35 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (662) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (632) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (632) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (642) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (642) connected to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (633) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (633) Connection interrupted (writer)
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (643) connecting to server
Thu Jul 12 08:35:15 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (643) connected to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (653) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (653) Connection interrupted (writer)
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (663) connecting to server
Thu Jul 12 08:36:05 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (663) connected to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57850) Connection Error: [Errno 54] Connection reset by peer
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) this server marked DOWN
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57850) Connection interrupted (writer)
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57860) connecting to server
Thu Jul 12 08:36:13 2012 Debug: LDAP: domain.local:x.x.x.x(x.x.x.x:3268) (57860) connected to server

These are different queries to different DCs. I tested the queries in the IronPort and they work fine. It seems to me that everything is OK, but why do I get these errors in the log? Can they be ignored?

Regards Claudius

Accepted Solutions
Cisco Employee

Hi Claudius,

The IronPort is not in active production mode; the above logs can be considered normal behavior and can be safely ignored.

The domain controller has an idle timeout of 900 seconds for LDAP sessions by default. The appliance will always establish all concurrent connections to the LDAP server to be ready to send queries. If the traffic on the appliance is low, for example on a spare unit, the default timeout of the AD domain controller may apply and interrupt the connection.
If the mail traffic volume has become normal again, these logs will disappear.

The IronPort ESA has a hardcoded timeout for LDAP connections, i.e. 6 hours or 10,000 queries, whichever comes first.

I hope this helps.

Regards,
Donny
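
One way to check this explanation against a full LDAP debug log, as an added example that is not part of the original thread or Cisco's tooling: the script pairs each "Connection reset by peer" with the connect event of the same connection id, counts resets on connections younger than the 900-second idle timeout quoted in the answer as unexplained, and flags servers left marked DOWN without a later reconnect. The host names, addresses and sample lines are constructed; the line layout follows the log quoted in the question.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}) Debug: LDAP: "
                  r"(?P<server>\S+) (?:\((?P<conn>\d+)\) )?(?P<msg>.*)$")
IDLE_TIMEOUT = 900  # seconds: DC default LDAP idle timeout stated in the answer

def analyze(lines, idle_timeout=IDLE_TIMEOUT):
    """Classify resets per server and track whether a DOWN mark is still open."""
    opened, stats = {}, {}  # opened: (server, conn id) -> connect time
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        s = stats.setdefault(m["server"], {"timeout": 0, "early": 0, "unknown": 0, "down": False})
        key, msg = (m["server"], m["conn"]), m["msg"]
        if msg == "connected to server":
            opened[key] = ts
            s["down"] = False        # a successful reconnect clears DOWN
        elif msg.endswith("Connection reset by peer"):
            start = opened.pop(key, None)
            if start is None:
                s["unknown"] += 1    # connect event lies before the log window
            elif (ts - start).total_seconds() >= idle_timeout:
                s["timeout"] += 1    # old enough for the idle timeout to apply
            else:
                s["early"] += 1      # too young for the idle timeout: investigate
        elif msg == "this server marked DOWN":
            s["down"] = True
    return stats

def needs_attention(stats):
    """Servers with early resets or a DOWN mark not followed by a reconnect."""
    return sorted(srv for srv, s in stats.items() if s["early"] or s["down"])

# Constructed sample: hosts and times are made up, wording follows the quoted log.
DC1, DC2 = "dc1.example.test:192.0.2.10(192.0.2.10:3268)", "dc2.example.test:192.0.2.20(192.0.2.20:3268)"
SAMPLE = [
    f"Thu Jul 12 08:00:00 2012 Debug: LDAP: {DC1} (101) connected to server",
    f"Thu Jul 12 08:15:05 2012 Debug: LDAP: {DC1} (101) Connection Error: [Errno 54] Connection reset by peer",
    f"Thu Jul 12 08:15:05 2012 Debug: LDAP: {DC1} this server marked DOWN",
    f"Thu Jul 12 08:15:05 2012 Debug: LDAP: {DC1} (111) connected to server",
    f"Thu Jul 12 08:20:00 2012 Debug: LDAP: {DC2} (201) connected to server",
    f"Thu Jul 12 08:20:30 2012 Debug: LDAP: {DC2} (201) Connection Error: [Errno 54] Connection reset by peer",
    f"Thu Jul 12 08:20:30 2012 Debug: LDAP: {DC2} this server marked DOWN",
]

print(needs_attention(analyze(SAMPLE)))
```

Connection age is only an upper bound on idle time, so a reset counted under "timeout" is consistent with the idle timeout rather than proven to be caused by it; "unknown" means the log window does not contain the connect event.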
