Skip to main content

We've been using LDAPS for some time without issue. It recently stopped working sometime over spring break when not in regular use. SSL certificate had expired on 03/30, so the new/current SSL certificate was uploaded but the issue is still not resolved. No other settings have been changed, firewall or otherwise.

Test simply returns, "Unable to connect to the LDAP Server." "No Suggestions Available".

Cloud logs don't seem to provide anything more specific. I'm not sure what may have changed to cause this issue; may have been Windows Updates on the LDAP servers, or possibly something on the JAMF Cloud side?

JIM was a bit behind, so updated it from 2.2.2 to 2.4.0 and rebooted with no change.

I can connect using regular LDAP (non-secure/test-only). Somehow there's a problem with the certificate, I just don't know what it is or where to find more specifics. The Subject and SAN both match the FQDN of the host, as expected. And as I said, this has been working without issues for several years, only requiring a new SSL cert when the uploaded one has expired.

Any assistance appreciated.

What do the logs on your LDAP server say? If there is rejected traffic there should be logs eluding to why it was rejected. 

The error message indicates, "The client and server cannot communicate, because they do not possess a common algorithm."

This is coming from the JIM instance to the LDAP server. So my best guess is that JIM is using a cipher suite that is no longer supported by the DC, probably due to a recent Windows security update.

...but no idea how to resolve this. I plan to up the logging on the DC to see if any further useful info is generated.

In case anyone is following this or runs into the same issue, I found that installing the latest version of Java (Corretto) resolved the issue. Jamf must have run an update at some point that didn't agree with the 11.0.10 version we were running. Upgraded to 11.0.18.10.1

Terms & ConditionsCookie settingsAccessibility statement