Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
When trying to connect the Sophos Mobile server with an LDAP server, the following error is shown:
Could not connect to directory server on ldaps://domaincontroller.company.com
Within the server.log of the Sophos Mobile server, the following error can be found:
2019-06-28 13:57:56,534 ERROR [com.sophos.mobilecontrol.server.onpremimpl.login.admin.AdminLoginBean] (default task-210) error searching via ldap: com.sophos.mobilecontrol.server.commons.ldap.LdapLookupException: could not connect to ldap="Display name: L*******************************e, Ldap type: ActiveDirectory", reason: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090257, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]
This behavior can be observed, if the Domain Controller group policy is enabled to require LDAP signing.
Currently, the Sophos Mobile server does not support LDAP signing and therefore the Domain Controller rejects the connection.
This article describes the requirement to be able to connect to the LDAP server.
The following sections are covered:
Applies to the following Sophos products and versions Sophos Mobile
To be able to connect to the LDAP server, the Domain Controller: LDAP server signing requirements must be set to None. This can be achieved by performing the following steps:
As soon as the policy is updated on the LDAP servers / domain controller to which the Sophos Mobile server should connect, the connection can be established again.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.