LDAPS problem after update from 9.6.3 to 9.7.3

Question

Hello, 
 after update SMC from 9.6.3 to 9.7.3 LDAPS to Microsoft DC doesn't work anymore. In server.log I find 
 ... [Root exception is javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)]..... 
 LDAP without SSL is running fine. 
 Best regards Michael

GlennSen · Accepted Answer

Hi There, 
 This is caused by the underlying Java version deactivating TLS 1.0 and 1.1 that Sophos Mobile still uses to establish a connection to the LDAP server. Kindly follow the steps below: 
 
 Sign in to the operating system where Sophos Mobile is installed. 
 Stop the Sophos Mobile service. 
 Go to the folder %MDM_HOME%\wildfly\standalone\configuration\ . 
 Edit the file smc.properties using a text editor (for example Notepad). 
 Change the line smc.ldap.tls.protocols=TLSv1,TLSv1.1 to smc.ldap.tls.protocols=TLSv1,TLSv1.1,TLSv1.2 . 
 Save the changes. 
 Restart the Sophos Mobile Server. 
 
 After following this procedure, the Sophos Mobile Server will utilize TLS 1.2 for the LDAPS connection.

LDAPS problem after update from 9.6.3 to 9.7.3

Top Replies