• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Errors authenticating using CFLDAP

New Here ,
Jun 22, 2021 Jun 22, 2021

Copy link to clipboard

Copied

We have an application that uses CFLDAP, port 636 to authenticate user to Active Directory. We are getting the following error: An error has occurred while trying to execute query :xxx.yyy.zzzz:636.

The server is running CF2021 Enterprise, on a Windows 2016 server

I can get it to work randomly rebooting the server or starting/stopping the CF Application service. It might start working on the second, third, fourth reboot, etc. Once it is working it is fine until monthly patch reboots and the failure process starts all over again. We do have a CF2018 server also on Windows 2016 server and do not have the issue.

Here is what I have tried, all with no long-term luck in fixing the issue:

  • Reinstalled Windows and a fresh copy of CF2021
  • Tried different OpenJDK versions (all ver 11.x)
  • Tried importing our domain and server certs into the cacert in the JRE folder
  • Tried a completely different CF2021 server – same issue

The error output is not very helpful.

No entries in Windows, Apache or CF logs when the error occurs.

CFCATCH doesn’t provide anything useful

I feel like this is cert related but can’t find anyway to further diagnose the actual error above to provide any deeper details.

 

Thoughts/Suggestions?

 

Views

5.2K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 09, 2021 Dec 09, 2021

Copy link to clipboard

Copied

Here is an interesting update.

In the process of setting of a different instance on Windows Server 2019, I downloaded the latest CF installer which had Update #2 folded into it.  I proceeded to setup CF2021 as I had done previously, everything out of the box, used the JDK that is installed by CF2021.  

I was able to utilize the secure CFLDAP calls without issue, where as before I could not and had to use port 389.

I have repeated the process twice now on Windows Serer 2016. Each time working as expected. A little too early to tell (knock on wood), but it looks promising.

 

I also noticed some of the bugs with the original installer have also been fixed. Some of the things I had to fix manually before are now present with the latest installer from the CF downloads web site.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 10, 2021 Dec 10, 2021

Copy link to clipboard

Copied

LATEST

Well.... success was short lived 😞

Restarted the CF Application service 3-4 times the day before - worked fine

Today, restarted the CF Application and it is back failing on port 636. Changed to port 389 and it works.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation