LDAPS problem after update from 9.6.3 to 9.7.3

Hello,

after update SMC from 9.6.3 to 9.7.3 LDAPS to Microsoft DC doesn't work anymore.
In server.log I find

... [Root exception is javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)].....

LDAP without SSL is running fine.

Best regards
Michael

Parents
  • Hi There,

    This is caused by the underlying Java version deactivating TLS 1.0 and 1.1 that Sophos Mobile still uses to establish a connection to the LDAP server.
     Kindly follow the steps below:

    1. Sign in to the operating system where Sophos Mobile is installed.
    2. Stop the Sophos Mobile service.
    3. Go to the folder %MDM_HOME%\wildfly\standalone\configuration\.
    4. Edit the file smc.properties using a text editor (for example Notepad).
    5. Change the line smc.ldap.tls.protocols=TLSv1,TLSv1.1 to smc.ldap.tls.protocols=TLSv1,TLSv1.1,TLSv1.2.
    6. Save the changes.
    7. Restart the Sophos Mobile Server.

    After following this procedure, the Sophos Mobile Server will utilize TLS 1.2 for the LDAPS connection.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • Hi,

    problem solved, thankyou very much.

    Best regards

    Michael

Reply Children