ServiceNow KB: LDAP through vpn ErrorCode: 10301 (KB0725650)

Description

This issue if related to a JDK bug. https://bugs.openjdk.java.net/browse/JDK-8075484

When connect with encrypted VPN LDAP test connection failed intermittent getting 10301 socket connection errors.

This issue related to the Java JDK library bug, is fixed in the JDK 9, ServiceNow is currently on JDK 8

The JDK upgrade cannot apply on a single instance, it has to upgrade to all platform, right now there is no plan to upgrade JDK at ServiceNow platform
Checking the logs I am seeing:

Your next step would be to talk this information to the ldap server provider, Microsoft I would assume. Show them the bug
ask what they can do to resolve. Other option would be to setup ldap to not use VPN but use a mid server:

https://docs.servicenow.com/bundle/london-platform-administration/page/integrate/ldap/concept/c_LDAPIntegrationViaMIDServer.html

Error in System Log:

22:50:06.496 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : 204.68.34.195:389
22:50:06.497 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : Communication error: 204.68.34.195:389
22:50:06.497 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : java.net.SocketTimeoutException: connect timed out
22:50:06.498 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : 204.68.34.194:389
22:50:06.498 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : Communication error: 204.68.34.194:389
22:50:06.498 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : java.net.SocketTimeoutException: connect timed out
22:50:06.504 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : 204.68.34.193:389
22:50:06.504 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : Communication error: 204.68.34.193:389
22:50:06.504 Info ldap.connection.tester SYSTEM LDAP API - LDAPLogger : java.net.SocketTimeoutException: connect timed out
22:50:06.513 Error worker.5 worker.5 txid=c179667d1bd7 SEVERE *** ERROR *** LDAP: LDAP Server: tmc.tmcaz.com URL: ldap://<ldpap server name>:389/ failed scheduled connection test. ErrorCode: 10301. ErrorMessage: Connection timed out, failed to connect to server.

The vpn connection test will work if you check it.

The telnet from the app node to the ldap server address will also work.

This occurs intermittent when the ldap listener connection test is run from ServiceNow, you will see the error in the system logs during that time.

Notifications

Description

Article Information