Cisco Bug: CSCuq93168 - VCS does not send bind/hello to LDAP using port 636 for User Auth

Last Modified

Sep 12, 2019

Products (3)

  • Cisco TelePresence Video Communication Server (VCS)
  • Cisco TelePresence Video Communication Server Model
  • Cisco Expressway

Known Affected Releases

X8.1.1

Description (partial)

Symptom:
When VCS is configured for "Service Records" under (VCS > Users > LDAP configuration), you do not have the option to select a port number. VCS will send out a DNS SRV query for "_ldap._tcp.<domain>" and will rely on DNS to provide the port number as specified in the SRV. By default, "_ldap._tcp.<domain>" is usually port 389 for non-secure. If you change the SRV record to use port 636, VCS will not send a "Bind Request" or "Hello" to LDAP over port 636. Instead, it will negotiate a TCP handshake to port 636, then send a "Continuation Data" packet instead. LDAP will then reset the TCP connection with a [RST, ACK]. The same process works correctly when the SRV record is set to use port 389.

Conditions:
Attempting VCS User Authentication to LDAP over port 636 with either TCP or TLS.
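When triaging a capture of this symptom, it helps to classify the first client payload after the TCP handshake rather than rely on the dissector's label. The following is an added example, not Cisco code: the function names, the port-to-payload mapping and the sample byte strings are constructed for illustration, and it makes no claim about what VCS actually sends.

```python
# Added example: classify the first client payload seen on an LDAP port.
# All byte strings below are constructed samples, not captured traffic.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation

SAMPLE_TLS = bytes.fromhex("16 03 01 00 05 01 00 00 01 00")       # TLS record + ClientHello type
SAMPLE_BIND = bytes.fromhex("30 0c 02 01 01 60 07 02 01 03 04 00 80 00")  # anonymous simple bind
SAMPLE_STARTTLS = bytes.fromhex("30 1d 02 01 01 77 18 80 16") + STARTTLS_OID

# Simplified assumption: what a well-behaved client opens with on each port.
EXPECTED = {
    636: {"tls-client-hello"},
    389: {"ldap-bind-request-cleartext", "ldap-starttls-request"},
}

def ber_length(buf, pos):
    """Decode a BER length at buf[pos]; return (length, next_pos) or None."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_first_payload(payload):
    """Label the first bytes a client sent after the TCP handshake."""
    # TLS record: content type 0x16 (handshake), major version 3, handshake type 1.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-client-hello"
    # LDAPMessage: SEQUENCE (0x30), length, INTEGER messageID (0x02), protocolOp.
    if payload[:1] != b"\x30":
        return "unknown"
    seq = ber_length(payload, 1)
    if seq is None or payload[seq[1]:seq[1] + 1] != b"\x02":
        return "unknown"
    msgid = ber_length(payload, seq[1] + 1)
    if msgid is None:
        return "unknown"
    op = payload[msgid[1] + msgid[0]:msgid[1] + msgid[0] + 1]
    if op == b"\x60":                     # [APPLICATION 0] BindRequest
        return "ldap-bind-request-cleartext"
    if op == b"\x77" and STARTTLS_OID in payload:  # [APPLICATION 23] ExtendedRequest
        return "ldap-starttls-request"
    return "unknown"

def consistent_with_port(port, kind):
    """True when the payload kind is one the mapping above expects on that port."""
    return kind in EXPECTED.get(port, set())
```

A cleartext LDAP message arriving on port 636 is classified as inconsistent, which is the mismatch to look for before the server's [RST, ACK].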