Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

The CPPM's Google Secure LDAP Connector log shows Error: read ECONNRESET.

  • 1.  The CPPM's Google Secure LDAP Connector log shows Error: read ECONNRESET.

    Posted yesterday

    I am using ClearPass 6.10.0.180076 with Google Secure LDAP Connector 1.2.4 to connect to Google LDAP, providing 802.1x authentication for Cisco wireless users (EAP-GTC for Apple devices and EAP-TTLS for Windows). Overall, it works fine, but the Google Connector logs occasionally show an error: Error: read ECONNRESET. Network tests from ClearPass to ldap.google.com indicate that the connection is good. At first, we suspected it might be an issue with the session mechanism of the FortiGate firewall, so we tried changing the session ttl from the default 3600s to 7200s, and also tried shortening it to 600s, but neither resolved the error.

    Below are the connector's configuration and the log entries showing the error. I am seeking assistance with this issue.

    -----------connector's configuration-----------

    {
        "port": 1636,
        "verifySSLCerts": false,
        "logLevel": "DEBUG",
        "enableStats": false,
        "asyncOperationLimit": "10",
        "asyncOperationLimitExternal": "10",
        "statsUsername": "",
        "statsPassword": "********"
    }

    --------------errors in log of connector---------------

    [2024-08-12T23:54:14.946] [ERROR] Google - p.error: read ECONNRESET
    [2024-08-12T23:54:14.947] [ERROR] Google - Error: read ECONNRESET
        at TLSWrap.onStreamRead (node:internal/stream_base_commons:218:20) {
      errno: -104,
      code: 'ECONNRESET',
      syscall: 'read'
    }


  • 2.  RE: The CPPM's Google Secure LDAP Connector log shows Error: read ECONNRESET.

    Posted yesterday

    Because you mention that this is intermittent, could it be that you overload the Google LDAP server? Many cloud services limit the amount of requests that you can send to a certain number per second/minute/hour/day, to protect against Denial of Service or excessive use of resources.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: The CPPM's Google Secure LDAP Connector log shows Error: read ECONNRESET.

    Posted yesterday

    Thanks for your reply.

    However, I am encountering the same error in my LAB, which uses a different public IP to access Google. In the LAB environment, only one script is running testaaa to initiate one auth test every 10 minutes.




  • 4.  RE: The CPPM's Google Secure LDAP Connector log shows Error: read ECONNRESET.

    Posted yesterday

    Please open a TAC case for this.



    ------------------------------
    Herman Robers
    ------------------------------



  • 5.  RE: The CPPM's Google Secure LDAP Connector log shows Error: read ECONNRESET.

    MVP
    Posted 10 hours ago

    Remember CPPM 6.10 is no longer supported by HPE Aruba. Moving to 6.11 LSR or 6.12 is a major upgrade, and an active support contract is required for patch updates.

    We chose to move to 6.12 due to the improved Entra ID Auth Source, completely rewritten from 6.11.



    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------
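
Added example, not part of the thread and not HPE Aruba or Google code: a triage script that pulls the ECONNRESET timestamps out of a connector log in the format quoted in the first post and checks whether the resets cluster in bursts (the request-limit theory from reply 2) or fall on a fixed cadence such as the 10-minute lab test interval from reply 3. The function names, thresholds and pattern labels are assumptions made for illustration, and the labels are hints for where to look next, not a diagnosis.

```javascript
// Constructed sample. Only the 23:54:14 entry is quoted from the thread;
// the other timestamps are invented so the analysis has gaps to compare.
const SAMPLE_LOG = `
[2024-08-12T23:34:14.950] [ERROR] Google - p.error: read ECONNRESET
[2024-08-12T23:34:14.951] [ERROR] Google - Error: read ECONNRESET
[2024-08-12T23:54:14.946] [ERROR] Google - p.error: read ECONNRESET
[2024-08-12T23:54:14.947] [ERROR] Google - Error: read ECONNRESET
    at TLSWrap.onStreamRead (node:internal/stream_base_commons:218:20) {
  errno: -104,
[2024-08-13T00:04:15.310] [ERROR] Google - p.error: read ECONNRESET
[2024-08-13T00:04:15.311] [ERROR] Google - Error: read ECONNRESET
`;

const RESET_LINE = /^\s*\[(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3})\] \[ERROR\] .*ECONNRESET/;

// Return one epoch-ms timestamp per reset. In the quoted excerpt each reset is
// logged twice ("p.error:" and "Error:") 1 ms apart, so lines closer than
// mergeMs to the previous kept event are collapsed into it.
function parseResets(logText, mergeMs = 1000) {
  const events = [];
  for (const line of logText.split(/\r?\n/)) {
    const m = RESET_LINE.exec(line);
    if (!m) continue; // stack-trace lines and other log levels are skipped
    // The log carries no zone; parse as UTC so gaps are not skewed by local DST.
    const t = Date.parse(m[1] + "Z");
    if (events.length === 0 || t - events[events.length - 1] > mergeMs) events.push(t);
  }
  return events;
}

// Seconds between consecutive resets, rounded to the nearest second.
function gapsSec(events) {
  return events.slice(1).map((t, i) => Math.round((t - events[i]) / 1000));
}

// "burst": at least half the gaps are <= burstSec (fits throttling under load).
// "periodic": every gap is a multiple of periodSec (fits a test cadence or idle timer).
function classify(gaps, periodSec, toleranceSec = 5, burstSec = 5) {
  if (gaps.length === 0) return "insufficient-data";
  const bursts = gaps.filter((g) => g <= burstSec).length;
  if (bursts * 2 >= gaps.length) return "burst";
  const onPeriod = gaps.every((g) => {
    const k = Math.round(g / periodSec);
    return k >= 1 && Math.abs(g - k * periodSec) <= toleranceSec;
  });
  return onPeriod ? "periodic" : "irregular";
}

const gaps = gapsSec(parseResets(SAMPLE_LOG));
console.log(gaps, classify(gaps, 600)); // 600 s = the 10-minute lab test interval
```

Run it against the real connector log with `periodSec` set to each timer in the path (the lab test interval, the firewall session TTL values that were tried) to see which, if any, the resets line up with.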