Messaging Gateway

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

I don't know, but I haven't received any alerts about those errors..

I don't have many options checked under alerts -> events - I have just checked "scheduled taks fails" in case that gives me a warning about backups, but honestly understanding what settings apply to which components of SMG has always been mysterious to me.
Original Message:
Sent: Jan 11, 2023 06:28 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

Show a pic of your alert settings pls.


Original Message:
Sent: 1/11/2023 6:37:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

I don't know, but I haven't received any alerts about those errors..

I don't have many options checked under alerts -> events - I have just checked "scheduled taks fails" in case that gives me a warning about backups, but honestly understanding what settings apply to which components of SMG has always been mysterious to me.
Original Message:
Sent: Jan 11, 2023 06:28 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

Original Message:
Sent: Jan 11, 2023 06:40 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

Show a pic of your alert settings pls.


Original Message:
Sent: 1/11/2023 6:37:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

I don't know, but I haven't received any alerts about those errors..

I don't have many options checked under alerts -> events - I have just checked "scheduled taks fails" in case that gives me a warning about backups, but honestly understanding what settings apply to which components of SMG has always been mysterious to me.
Original Message:
Sent: Jan 11, 2023 06:28 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

So now u gonna do what to stop it


Original Message:
Sent: 1/11/2023 6:48:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

And sure enough, since checking "scheduled taks failures" I now have email warning about backup failures...

Original Message:
Sent: Jan 11, 2023 06:40 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

Show a pic of your alert settings pls.


Original Message:
Sent: 1/11/2023 6:37:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

I don't know, but I haven't received any alerts about those errors..

I don't have many options checked under alerts -> events - I have just checked "scheduled taks fails" in case that gives me a warning about backups, but honestly understanding what settings apply to which components of SMG has always been mysterious to me.
Original Message:
Sent: Jan 11, 2023 06:28 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

I tried running an unscheduled backup, and that returned successful, so I guess I'm going to ignore it and run manual backups, although why I'm even bothering to back up a system with errors is going to cause me to query my sanity.
Original Message:
Sent: Jan 11, 2023 06:49 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

So now u gonna do what to stop it


Original Message:
Sent: 1/11/2023 6:48:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

And sure enough, since checking "scheduled taks failures" I now have email warning about backup failures...

Original Message:
Sent: Jan 11, 2023 06:40 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

Show a pic of your alert settings pls.


Original Message:
Sent: 1/11/2023 6:37:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

I don't know, but I haven't received any alerts about those errors..

I don't have many options checked under alerts -> events - I have just checked "scheduled taks fails" in case that gives me a warning about backups, but honestly understanding what settings apply to which components of SMG has always been mysterious to me.
Original Message:
Sent: Jan 11, 2023 06:28 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

Well. Thanks for the info. Glad I ain’t the only one


Original Message:
Sent: 1/11/2023 6:59:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

I tried running an unscheduled backup, and that returned successful, so I guess I'm going to ignore it and run manual backups, although why I'm even bothering to back up a system with errors is going to cause me to query my sanity.
Original Message:
Sent: Jan 11, 2023 06:49 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

So now u gonna do what to stop it


Original Message:
Sent: 1/11/2023 6:48:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

And sure enough, since checking "scheduled taks failures" I now have email warning about backup failures...

Original Message:
Sent: Jan 11, 2023 06:40 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

Show a pic of your alert settings pls.


Original Message:
Sent: 1/11/2023 6:37:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

I don't know, but I haven't received any alerts about those errors..

I don't have many options checked under alerts -> events - I have just checked "scheduled taks fails" in case that gives me a warning about backups, but honestly understanding what settings apply to which components of SMG has always been mysterious to me.
Original Message:
Sent: Jan 11, 2023 06:28 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

Actually, no I'm not, it only stores 3 manual backups, I might revert to the one I did before I upgraded before I lose the option forever....
Original Message:
Sent: Jan 11, 2023 06:58 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I tried running an unscheduled backup, and that returned successful, so I guess I'm going to ignore it and run manual backups, although why I'm even bothering to back up a system with errors is going to cause me to query my sanity.
Original Message:
Sent: Jan 11, 2023 06:49 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

So now u gonna do what to stop it


Original Message:
Sent: 1/11/2023 6:48:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

And sure enough, since checking "scheduled taks failures" I now have email warning about backup failures...

Original Message:
Sent: Jan 11, 2023 06:40 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

Show a pic of your alert settings pls.


Original Message:
Sent: 1/11/2023 6:37:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

I don't know, but I haven't received any alerts about those errors..

I don't have many options checked under alerts -> events - I have just checked "scheduled taks fails" in case that gives me a warning about backups, but honestly understanding what settings apply to which components of SMG has always been mysterious to me.
Original Message:
Sent: Jan 11, 2023 06:28 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

You turned them off how?


Original Message:
Sent: 1/11/2023 6:26:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

Oh wow, I obviously have conduit alerts off or turned down, Wed - Sun looks like I had 4am "callback aborted (52) errors, but then none until this morning (about the same time I applied the patch). Do I want to look back further than the last week?
At least conduit doesn't appear to have stopped here.
Original Message:
Sent: Jan 11, 2023 06:13 AM
From: Alexander Sanita
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

I still get backup errors, 4 am conduit stopped errors. All the fixes published by broadcom = zero.

They have this host fix = nope

They have this patch = nope

I had to turn off the backups and the conduit 4 am still wakes me up as an alert.

Yuk.


Original Message:
Sent: 1/11/2023 6:06:00 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

After further investigation I am unable to match up the times of DDS errors with the send times of failed messages, it looks as though SMG is simply refusing to let our internal mail server connect. Postfix simply returns :
<recipient email address>: connect to XXX.XXX.XXX.12{XXX.XXX.XXX.12]:25: Connection refused
I am not able to elicit any information from postfix as to why the connection is being refused, and I am my wits end trying to work out  where, if anywhere in SMG logs I can find any information about these connection attempts.

In contrast the internal mail server is happily accepting connections from SMG, postfix is succeeding in its LDAP lookups and delivering to the correct cyrus mailboxes so we are receiving mail just fine, but as far as I can tell, we cannot now send any. Attempts to flush the postfix queue have failed. I really need to understand why SMG is refusing the connection and determine whether I need to be trying to fix postix or SMG.
Original Message:
Sent: Jan 11, 2023 06:05 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

yuk


Original Message:
Sent: 1/12/2023 8:57:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

After further investigation I am unable to match up the times of DDS errors with the send times of failed messages, it looks as though SMG is simply refusing to let our internal mail server connect. Postfix simply returns :
<recipient email address>: connect to XXX.XXX.XXX.12{XXX.XXX.XXX.12]:25: Connection refused
I am not able to elicit any information from postfix as to why the connection is being refused, and I am my wits end trying to work out  where, if anywhere in SMG logs I can find any information about these connection attempts.

In contrast the internal mail server is happily accepting connections from SMG, postfix is succeeding in its LDAP lookups and delivering to the correct cyrus mailboxes so we are receiving mail just fine, but as far as I can tell, we cannot now send any. Attempts to flush the postfix queue have failed. I really need to understand why SMG is refusing the connection and determine whether I need to be trying to fix postix or SMG.
Original Message:
Sent: Jan 11, 2023 06:05 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)

After further investigation I may have resolved this, details in my other thread:
https://community.broadcom.com/symantecenterprise/discussion/outgoing-connection-refused
Original Message:
Sent: Jan 12, 2023 01:38 PM
From: alexander-smg
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

yuk


Original Message:
Sent: 1/12/2023 8:57:00 AM
From: Jim Wallis
Subject: RE: Since upgrade to 10.8 we get frequent Directory Data Service errors

After further investigation I am unable to match up the times of DDS errors with the send times of failed messages, it looks as though SMG is simply refusing to let our internal mail server connect. Postfix simply returns :
<recipient email address>: connect to XXX.XXX.XXX.12{XXX.XXX.XXX.12]:25: Connection refused
I am not able to elicit any information from postfix as to why the connection is being refused, and I am my wits end trying to work out  where, if anywhere in SMG logs I can find any information about these connection attempts.

In contrast the internal mail server is happily accepting connections from SMG, postfix is succeeding in its LDAP lookups and delivering to the correct cyrus mailboxes so we are receiving mail just fine, but as far as I can tell, we cannot now send any. Attempts to flush the postfix queue have failed. I really need to understand why SMG is refusing the connection and determine whether I need to be trying to fix postix or SMG.
Original Message:
Sent: Jan 11, 2023 06:05 AM
From: Jim Wallis
Subject: Since upgrade to 10.8 we get frequent Directory Data Service errors

It may or may not be coincidence that shortly after updating to 10.8 I started getting DDS error messages.

We are using an LDAP connection to windows 2012 R2 AD domain controller (and I have already rolled back windows updates just prior to the errors starting) which has been working reliably for the previous 18 months or so. Obviously I always get one such message when the DC is rebooting after a windows update but I know that is simply because the directory was briefly offline.

The audit logs are showing that lookups sometimes timeout connecting to the directory.

Every time I have manually tested the connection from the control centre, for all types of lookups, I get a result back right away and cannot replicate the timeout.

We currently have 3 users active (including myself) and about 6 aliases so we shouldn't be taxing the connection too much, although I am seeing evidence in the logs of more brute force attempts than I get messages for (presumably clever enough to spread usernames accross enough IP addresses to avoid being flagged for repeats within 15 minutes), so it may just be excessive lookups?

I had a feeling that the timeouts were occurring more on outgoing mail than incoming, but in retrospect thats probably because I only see when outbound messages are delayed as a result.

Is anyone else having a similar problem since upgrading to 10.8 or is that just coincidence?
Do I just need to tune how the DC handles LDAP requests? I am aware that 2012 R2 is nearly EEOL but getting the boss to do anything about it in advance is like banging my head against a wall.

(Not a pro, just the guy in a small business who also does the IT)