Discussions LDAPS problem after update from 9.6.3 to 9.7.3

Sophos Mobile requires membership for participation - click to join

Thread Info

State Verified Answer
+1 person also asked this people also asked this
Locked Locked
Replies 3 replies
Subscribers 6 subscribers
Views 14321 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LDAPS problem after update from 9.6.3 to 9.7.3

ITService over 3 years ago

Hello,

after update SMC from 9.6.3 to 9.7.3 LDAPS to Microsoft DC doesn't work anymore.
In server.log I find

... [Root exception is javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)].....

LDAP without SSL is running fine.

Best regards
Michael

This thread was automatically locked due to age.

Top Replies

GlennSen over 3 years ago +1 verified

Hi There, This is caused by the underlying Java version deactivating TLS 1.0 and 1.1 that Sophos Mobile still uses to establish a connection to the LDAP server. Kindly follow the steps below: Sign…

Parents

+1 GlennSen over 3 years ago
Hi There,

This is caused by the underlying Java version deactivating TLS 1.0 and 1.1 that Sophos Mobile still uses to establish a connection to the LDAP server.
Kindly follow the steps below:

Sign in to the operating system where Sophos Mobile is installed.

Stop the Sophos Mobile service.

Go to the folder %MDM_HOME%\wildfly\standalone\configuration\.

Edit the file smc.properties using a text editor (for example Notepad).

Change the line smc.ldap.tls.protocols=TLSv1,TLSv1.1 to smc.ldap.tls.protocols=TLSv1,TLSv1.1,TLSv1.2.

Save the changes.

Restart the Sophos Mobile Server.

After following this procedure, the Sophos Mobile Server will utilize TLS 1.2 for the LDAPS connection.
Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Cancel

Reply

+1 GlennSen over 3 years ago
Hi There,

This is caused by the underlying Java version deactivating TLS 1.0 and 1.1 that Sophos Mobile still uses to establish a connection to the LDAP server.
Kindly follow the steps below:

Sign in to the operating system where Sophos Mobile is installed.

Stop the Sophos Mobile service.

Go to the folder %MDM_HOME%\wildfly\standalone\configuration\.

Edit the file smc.properties using a text editor (for example Notepad).

Change the line smc.ldap.tls.protocols=TLSv1,TLSv1.1 to smc.ldap.tls.protocols=TLSv1,TLSv1.1,TLSv1.2.

Save the changes.

Restart the Sophos Mobile Server.

After following this procedure, the Sophos Mobile Server will utilize TLS 1.2 for the LDAPS connection.
Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 ITService over 3 years ago in reply to GlennSen

Hi,

problem solved, thankyou very much.

Best regards

Michael
Cancel
Vote Up 0 Vote Down

Cancel
0 GlennSen over 3 years ago in reply to ITService

You're always welcome Michael, if you have more queries in the future, please feel free to reach us.

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel