IBM Support

IT31582: LDAP CONNECTION MAY FAIL WITH ANR3114E, ANR3116E, ANR3103E AND ANR2732E.

Direct links to fixes

8.1.10.000-IBM-SPOC-WindowsX64
8.1.10.000-IBM-SPOC-Linuxx86_64
8.1.10.000-IBM-SPOC-Linuxs390x
8.1.10.000-IBM-SPOC-LinuxPPC64le
8.1.10.000-IBM-SPOC-AIX
8.1.10.000-IBM-SPCMS-WindowsX64
8.1.10.000-IBM-SPCMS-WindowsI32
8.1.10.000-IBM-SPCMS-Linuxx86_64
8.1.10.000-IBM-SPSRV-WindowsX64
8.1.10.000-IBM-SPSRV-Linuxx86_64
8.1.10.000-IBM-SPSRV-Linuxs390x
8.1.10.000-IBM-SPSRV-Linuxppc64le
8.1.10.000-IBM-SPSRV-AIX
IBM Spectrum Protect Server V8.1 Fix Pack (V8.1.10) Downloads

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The Spectrum Protect server LDAP connection fails with the
following errors when connecting to a Windows active directory
if automatic root certificate updates is not turned off.

ANR3114E LDAP error 116 (Failed to connect to the SSL server)
ANR3116E LDAP SSL/TLS error 406 (I/O error)
ANR3103E Failure occurred while initializing LDAP
directory services
ANR2732E Unable to communicate with the LDAP directory server
The Spectrum Protect server LDAP connection fails with the
following errors when connecting to an IBM Security Directory
Server and the LDAP server authentication is set to
serverClientAuth (sslAuth serverClientAuth) instead of
serverAuth or the certificate is not trusted.

When connecting to LDAP port 389, the following errors are
logged in the activity log :

ANR3114E LDAP error 116 (Failed to connect to ssl server.)
occurred during ldap_start_tls_s_np.
ANR3116E LDAP SSL/TLS error 420 (Socket closed)
occurred during ldap_start_tls_s_np.
ANR3103E Failure occurred while initializing LDAP directory
services.
ANR2732E Unable to communicate with the external LDAP directory
server.

When connecting to LDAP port 636, the following errors are
logged in the activity log :

ANR3114E LDAP error 81 (Can't contact LDAP server)
occurred during ldap_sasl_bind.
ANR3116E LDAP SSL/TLS error 116 (Unknown SSL error)
occurred during ldap_sasl_bind.
ANR3103E Failure occurred while initializing LDAP directory
services.
ANR2732E Unable to communicate with the external LDAP directory
server.

Customer/L2 Diagnostics :
Verify the Windows automatic root certificate updates
configuration to determine if it is turned on or off.
Review the IBM Security Directory Server configuration file
(ibmslapd.conf) to obtain the value of the sslAuth option
and determine if it is set to serverClientAuth or serverAuth.

Initial Impact: Medium

Additional Keywords:
ldap ssl TS003048082

Versions Affected:
Spectrum Protect server 7.1 and 8.1 on all platforms.

Local fix

  • - When connecting to a Windows Active directory, turn off
automatic root certificate updates to Windows Update if your
Windows Active Directory server does not have access to the
internet.
- When connecting to an IBM Security Directory Server,
configurethe IBM Security Directory Server LDAP server
authentication to use the serverAuth authentication
(sslAuth serverAuth).
If serverClientAuth (sslAuth serverClientAuth) must be used,
then add the Spectrum Protect server certificate as a trusted
certificate on the LDAP server.

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* All IBM Spectrum Protect server users.                       *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See ERROR DESCRIPTION.                                       *
****************************************************************
* RECOMMENDATION:                                              *
* Apply fixing level when available. This problem is currently *
* projected to be fixed in level 8.1.10. Note that this is     *
* subject to change at the discretion of IBM.                  *
****************************************************************

Problem conclusion

  • This problem was fixed.
Affected platforms for reported release:  AIX, Linux, and
Windows.
Platforms fixed:  AIX, Linux, and Windows.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT31582
    • 

  • Reported component name
    TSM SERVER
    • 

  • Reported component ID
    5698ISMSV
    • 

  • Reported release
    81A
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-01-20
    • 

  • Closed date
    2020-01-24
    • 

  • Last modified date
    2020-01-24
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    TSM SERVER
    • 

  • Fixed component ID
    5698ISMSV
    • 



Applicable component levels


    

  • R81A  PSY
       UP
    • 

  • R81L  PSY
       UP
    • 

  • R81W  PSY
       UP
    • 








      
              
                            

              

              [{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81A"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            15 September 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback