Orlando Galindo
Posted January 13, 2018

Hello Community,

I am having some problems implementing my Azure XenApp instance. I am wanting to be able to build a solution that would allow users to access the storefront through the netscaler with unified gateway via the web. I am able to access the landing page here but when I login with an Active directory account (with admin credentials) I get the following error:

Note: I ensured the user account had the right memberOf configured in both netscaler and the active directory

Here are the logs that show the error when I encounter it through the external web browser:

GUI based error:

XA-NetScaler [1142]: In ns_ldap_simple_bind: For user netadmin, ldap simple bind failed :Can't contact LDAP server

CLI based error using the "cat /tmp/aaad.debug" command:

root@XA-NetScaler# cat /tmp/aaad.debug
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[774]: process_kernel_socket partition id is 0
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[873]: process_kernel_socket call to authenticate user :netadmin, vsid :741
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[3110]: start_cascade_auth starting cascade authentication
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_drv.c[107]: start_ldap_auth Starting LDAP auth
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_drv.c[134]: start_ldap_auth attempting to auth netadmin @ 10.0.0.8
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_drv.c[137]: start_ldap_auth LDAP referrals are OFF
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_drv.c[138]: start_ldap_auth LDAP referral nesting depth 0
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[684]: continue_ldap_init Connecting to: 10.0.0.8:389
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[3383]: register_timer setting timer 12
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[3452]: unregister_timer releasing timer 12
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[757]: ns_ldap_set_up_socket Server certificate hostname = NULL
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[802]: ns_ldap_set_up_socket Set cert verify level 0
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[805]: ns_ldap_set_up_socket Getting cipher suite global value
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[808]: ns_ldap_set_up_socket Checking non-zero cipher suite
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[817]: ns_ldap_set_up_socket NULL cipher suite. Using default.
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[823]: ns_ldap_set_up_socket Freeing cipher suite value
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[830]: ns_ldap_set_up_socket Done with cipher suite
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[897]: ns_ldap_set_up_socket Sectype: 1
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/ldap_common.c[915]: ns_ldap_simple_bind ldap_simple_bind :Can't contact LDAP server
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[2621]: send_reject_with_code Rejecting with error code 4001
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[2657]: send_reject_with_code Not trying cascade again
Thu Jan 11 21:09:52 2018 /home/build/rs_111_50_2_RTM/usr.src/netscaler/aaad/naaad.c[2659]: send_reject_with_code sending reject to kernel for : netadmin
Thu Jan 11 21:10:03 2018

I went onto the Netscaler VPX server via gui to test the connection to the ldap server and get the following error:

Server '10.0.0.8' is reachable. Either port '389/tcp' is blocked or LDAP service is not running on this port.

I then used "ldp.exe" to test both SSL port 636 and standard and tls port 389 connections:

SSL connection fails:

Note: I tried both IP and hostnames

Standard connection succeeds:

I have followed the online instructions mentioned here: http://www.carlstalhood.com/netscaler-gateway-ldap-authentication/#lb

I ensured the firewall was allowing the following ports and I have even tried disabling the firewall completely:

389
636
3268
3269

I am working with the following version:

> show version
NetScaler NS11.1: Build 50.10.nc, Date: Nov 6 2016, 05:42:29
Done

I set this environment up through the Microsoft Azure store which it seems to have automatically configured a majority of infrastructure already.

I am able to access the storefront within the Azure domain but not externally through the web browser via the public IP/Netscaler Unified Gateway. I am not sure if this has something to do with SSL or other forms of security certs, maybe a license limitation, etc.

Any help would greatly be appreciated.

Vamsi Krishna1709162168
Posted January 13, 2018

Hi,

NetScaler uses NSIP to communicate to LDAP Server. Did you turn off the software/Windows firewall? Are you able to do telnet on port 389 from NetScaler?

>shell
#telnet 10.0.0.8 389

Mostly below error will come when the LDAP service is not running or port is blocked.

Server '10.0.0.8' is reachable. Either port '389/tcp' is blocked or LDAP service is not running on this port.

Thanks,
Vamsi

CarlStalhood
Posted January 13, 2018

On NetScaler, did you enable TLS in the LDAP Server? If so, is a certificate installed on your Domain Controller?

Orlando Galindo (Author)
Posted January 15, 2018

Hello Gentlemen,

I tried connecting with telnet but get the following error:

root@XA-NetScaler# telnet 10.0.0.8 389
Trying 10.0.0.8...
telnet: connect to address 10.0.0.8: Operation timed out
telnet: Unable to connect to remote host

I tried disabling the windows firewall on both the netscaler server and the storefront server but that didn't seem to help.

I did use the ldp.exe tool as shown above and this part seems to be confusing and may very well be where the problem lies. As you can see from my ldp.exe tests it seems normal connection tests work but tls and ssl seem to fail.

When I navigate to the netscaler, there seem to be some certs installed on there:

But I noticed the CA cert doesn't have anything configured:

Is this where the problem is?

@Carl Stalhood, how would I be able to check if tls is enabled on the ldap? I am looking online and see people mentioning using the ldp.exe to test it, but to actually navigate the server to locate where the tls cert is and if it is configured on the ldap is coming up short in my search results. As I mentioned before, this was an auto-run installation for xenapp on azure. It was supposed to automatically set up everything to "work together" so I am not aware of where certain things are configured. It also set up the IIS and Storefront on a different server.

Thanks again for your help.

Vamsi Krishna1709162168
Posted January 16, 2018

Hi,

From 1st screenshot, I see you are using plain text. We do not require certificates here. For some reason, NetScaler is unable to reach the LDAP server on port 389. I understand that you are able to ping the LDAP server IP address, so it seems the L3 connectivity is fine. You need to troubleshoot at L4.

It could be for many reasons; a few of them are:

1. Port is blocked
2. Service is not running
3. Return traffic is blocked on firewall/windows

Thanks,
Vamsi

Orlando Galindo (Author)
Posted January 16, 2018

Thank you for your reply Vamsi,

Yes you are correct. I am able to ping and successfully connect using the ldp.exe tool to the LDAP server on port 389. I have a few questions I hoped you could answer.

1) I checked the firewalls to make sure ports 389, 636, 3268, 3269 were not blocked. I did add UDP versions of the ports on the windows firewall and allowed it.

2) When you say "service is not running", which service are you referencing and where do I go to enable it?

3) Aside from what I did in step one, I also went as far as totally disabling the windows firewall on the netscaler, storefront, and AD servers. Are there any other recommendations you would be able to provide?

Thank you all for your time and patience in assisting me. I do not take it for granted and appreciate all that you do.

Here is the netstat -ab output for the DC server (I noticed that port 389 is being used by lsass):

C:\Users\netadmin>netstat -ab > C:\Users\netadmin\Desktop\netstat.txt

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:80 XA-DC:0 LISTENING Can not obtain ownership information
TCP 0.0.0.0:88 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:135 XA-DC:0 LISTENING RpcSs [svchost.exe]
TCP 0.0.0.0:389 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:445 XA-DC:0 LISTENING Can not obtain ownership information
TCP 0.0.0.0:464 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:593 XA-DC:0 LISTENING RpcEptMapper [svchost.exe]
TCP 0.0.0.0:636 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:3268 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:3269 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:3389 XA-DC:0 LISTENING TermService [svchost.exe]
TCP 0.0.0.0:5985 XA-DC:0 LISTENING Can not obtain ownership information
TCP 0.0.0.0:9389 XA-DC:0 LISTENING [Microsoft.ActiveDirectory.WebServices.exe]
TCP 0.0.0.0:47001 XA-DC:0 LISTENING Can not obtain ownership information
TCP 0.0.0.0:49152 XA-DC:0 LISTENING [wininit.exe]
TCP 0.0.0.0:49153 XA-DC:0 LISTENING EventLoG [svchost.exe]
TCP 0.0.0.0:49154 XA-DC:0 LISTENING Schedule [svchost.exe]
TCP 0.0.0.0:49155 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:49157 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:49158 XA-DC:0 LISTENING [lsass.exe]
TCP 0.0.0.0:49159 XA-DC:0 LISTENING [spoolsv.exe]
TCP 0.0.0.0:49169 XA-DC:0 LISTENING Can not obtain ownership information
TCP 0.0.0.0:49174 XA-DC:0 LISTENING [dns.exe]
TCP 0.0.0.0:49207 XA-DC:0 LISTENING [DFSRs.exe]
TCP 0.0.0.0:49242 XA-DC:0 LISTENING [certsrv.exe]
TCP 0.0.0.0:52990 XA-DC:0 LISTENING PolicyAgent [svchost.exe]
TCP 10.0.0.8:53 XA-DC:0 LISTENING [dns.exe]
TCP 10.0.0.8:139 XA-DC:0 LISTENING Can not obtain ownership information
TCP 10.0.0.8:389 XA-DC:59004 ESTABLISHED [lsass.exe]
TCP 10.0.0.8:445 10.0.0.15:64606 ESTABLISHED Can not obtain ownership information
TCP 10.0.0.8:3389 XA-JUMPBOX:49666 ESTABLISHED TermService [svchost.exe]
TCP 10.0.0.8:49166 1.6.129.16:http ESTABLISHED [WindowsAzureGuestAgent.exe]
TCP 10.0.0.8:49211 1.6.129.16:http ESTABLISHED [WaAppAgent.exe]
TCP 10.0.0.8:57845 blob:https ESTABLISHED [WindowsAzureGuestAgent.exe]
TCP 10.0.0.8:58989 4.1.180.226:https ESTABLISHED [HealthService.exe]
TCP 10.0.0.8:59004 XA-DC:ldap ESTABLISHED [WaAppAgent.exe]
TCP 10.0.0.8:59022 4.1.180.226:https ESTABLISHED [HealthService.exe]
TCP 10.0.0.8:59049 1.6.129.16:http ESTABLISHED [WindowsAzureTelemetryService.exe]
TCP 127.0.0.1:53 XA-DC:0 LISTENING [dns.exe]
TCP 127.0.0.1:10095 XA-DC:0 LISTENING Can not obtain ownership information
TCP [::]:80 XA-DC:0 LISTENING Can not obtain ownership information
TCP [::]:88 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:135 XA-DC:0 LISTENING RpcSs [svchost.exe]
TCP [::]:389 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:445 XA-DC:0 LISTENING Can not obtain ownership information
TCP [::]:464 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:593 XA-DC:0 LISTENING RpcEptMapper [svchost.exe]
TCP [::]:636 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:3268 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:3269 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:3389 XA-DC:0 LISTENING TermService [svchost.exe]
TCP [::]:5985 XA-DC:0 LISTENING Can not obtain ownership information
TCP [::]:9389 XA-DC:0 LISTENING [Microsoft.ActiveDirectory.WebServices.exe]
TCP [::]:47001 XA-DC:0 LISTENING Can not obtain ownership information
TCP [::]:49152 XA-DC:0 LISTENING [wininit.exe]
TCP [::]:49153 XA-DC:0 LISTENING EventLoG [svchost.exe]
TCP [::]:49154 XA-DC:0 LISTENING Schedule [svchost.exe]
TCP [::]:49155 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:49157 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:49158 XA-DC:0 LISTENING [lsass.exe]
TCP [::]:49159 XA-DC:0 LISTENING [spoolsv.exe]
TCP [::]:49169 XA-DC:0 LISTENING Can not obtain ownership information
TCP [::]:49174 XA-DC:0 LISTENING [dns.exe]
TCP [::]:49207 XA-DC:0 LISTENING [DFSRs.exe]
TCP [::]:49242 XA-DC:0 LISTENING [certsrv.exe]
TCP [::]:52990 XA-DC:0 LISTENING PolicyAgent [svchost.exe]
TCP [::1]:53 XA-DC:0 LISTENING [dns.exe]
TCP [::1]:389 XA-DC:49160 ESTABLISHED [lsass.exe]
TCP [::1]:389 XA-DC:49161 ESTABLISHED [lsass.exe]
TCP [::1]:389 XA-DC:57924 ESTABLISHED [lsass.exe]
TCP [::1]:49155 XA-DC:54022 ESTABLISHED [lsass.exe]
TCP [::1]:49160 XA-DC:ldap ESTABLISHED [ismserv.exe]
TCP [::1]:49161 XA-DC:ldap ESTABLISHED [ismserv.exe]
TCP [::1]:54022 XA-DC:49155 ESTABLISHED [Microsoft.ActiveDirectory.WebServices.exe]
TCP [::1]:57924 XA-DC:ldap ESTABLISHED [dns.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:53 XA-DC:0 LISTENING [dns.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:389 XA-DC:57917 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:389 XA-DC:57918 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:389 XA-DC:57922 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49155 XA-DC:49204 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49155 XA-DC:49236 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49155 XA-DC:49310 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49155 XA-DC:53304 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49155 XA-DC:58793 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49204 XA-DC:49155 ESTABLISHED [DFSRs.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49236 XA-DC:49155 ESTABLISHED [certsrv.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:49310 XA-DC:49155 ESTABLISHED [lsass.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:53304 XA-DC:49155 ESTABLISHED [mmc.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:57917 XA-DC:ldap ESTABLISHED [dns.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:57918 XA-DC:ldap ESTABLISHED [DFSRs.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:57922 XA-DC:ldap ESTABLISHED [DFSRs.exe]
TCP [fe80::c5ea:ccb0:95ca:e4e5%]:58793 XA-DC:49155 ESTABLISHED [dfssvc.exe]
UDP 0.0.0.0:123 *:* W32Time [svchost.exe]
UDP 0.0.0.0:389 *:* [lsass.exe]
UDP 0.0.0.0:500 *:* IKEEXt [svchost.exe]
UDP 0.0.0.0:3389 *:* TermService [svchost.exe]
UDP 0.0.0.0:4500 *:* IKEEXt [svchost.exe]
UDP 0.0.0.0:5355 *:* Dnscache [svchost.exe]
UDP 10.0.0.8:53 *:* [dns.exe]
UDP 10.0.0.8:88 *:* [lsass.exe]
UDP 10.0.0.8:137 *:* Can not obtain ownership information
UDP 10.0.0.8:138 *:* Can not obtain ownership information
UDP 10.0.0.8:464 *:* [lsass.exe]
UDP 127.0.0.1:53 *:* [dns.exe]
UDP 127.0.0.1:50420 *:* [DFSRs.exe]
UDP 127.0.0.1:53009 *:* [mmc.exe]
UDP 127.0.0.1:53179 *:* [Microsoft.ActiveDirectory.WebServices.exe]
UDP 127.0.0.1:54820 *:* [lsass.exe]
UDP 127.0.0.1:55489 *:* [dns.exe]
UDP 127.0.0.1:55490 *:* NlaSvc [svchost.exe]
UDP 127.0.0.1:60944 *:* [ismserv.exe]
UDP 127.0.0.1:61578 *:* [spoolsv.exe]
UDP 127.0.0.1:62591 *:* [WaAppAgent.exe]
UDP 127.0.0.1:62592 *:* [Explorer.EXE]
UDP 127.0.0.1:62619 *:* vmicheartbeat [svchost.exe]
UDP 127.0.0.1:63045 *:* SENS [svchost.exe]
UDP 127.0.0.1:64061 *:* [certsrv.exe]
UDP [::]:123 *:* W32Time [svchost.exe]
UDP [::]:389 *:* [lsass.exe]
UDP [::]:500 *:* IKEEXt [svchost.exe]
UDP [::]:3389 *:* TermService [svchost.exe]
UDP [::]:4500 *:* IKEEXt [svchost.exe]
UDP [::]:5355 *:* Dnscache [svchost.exe]
UDP [::1]:53 *:* [dns.exe]
UDP [::1]:56573 *:* [dns.exe]
UDP [fe80::c5ea:ccb0:95ca:e4e5%]:53 *:* [dns.exe]
UDP [fe80::c5ea:ccb0:95ca:e4e5%]:88 *:* [lsass.exe]
UDP [fe80::c5ea:ccb0:95ca:e4e5%]:464 *:* [lsass.exe]

Vamsi Krishna1709162168
Posted January 17, 2018

Hi,

Next step would be to take a packet capture on NetScaler and LDAP server.

A quick tcpdump will also help us:

>shell
#nstcpdump.sh port 389

Thanks,
Vamsi

Orlando Galindo (Author)
Posted January 17, 2018

Hello Vamsi,

Thank you for your response. I ran tcpdump on the server while trying to connect to it via the netscaler web gui and here is the output below:

root@XA-NetScaler# nstcpdump.sh port 389
reading from file -, link-type EN10MB (Ethernet)
19:04:24.161798 IP 10.0.0.11.64387 > 10.0.0.8.389: Flags [S], seq 2545940457, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 585284827 ecr 0], length 0
19:04:27.227299 IP 10.0.0.11.64387 > 10.0.0.8.389: Flags [S], seq 2545940457, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 585287910 ecr 0], length 0

Please let me know if there is anything else I should do in addition.

In addition, I noticed this output from running this command:

/bin/cat '/var/log/nsvpn.log' | tail +0@kpmg.onmicrosoft.com

It looks like it is trying to use my Microsoft Azure account to log in? Not sure if this is related:

Dec 13 00:32:03 <local1.info> XA-NetScaler [1142]: In start_ldap_auth: attempting to do ldap auth for smith@kpmg.com @ 10.0.0.8
Dec 13 00:32:14 <local1.info> XA-NetScaler [1142]: In start_ldap_auth: attempting to do ldap auth for GO-smith@kpmg.onmicrosoft.com @ 10.0.0.8
Jan 10 01:22:47 <local1.err> XA-NetScaler [1142]: In ns_ldap_simple_bind: For user netadmin, ldap simple bind failed :Can't contact LDAP server error
Jan 10 01:22:47 <local1.err> XA-NetScaler [1142]: In ns_ldap_simple_bind: For user netadmin, ldap simple bind failed :Can't contact LDAP server
Jan 10 01:22:47 <local1.info> XA-NetScaler [1142]: In start_ldap_auth: attempting to do ldap auth for netadmin @ 10.0.0.8
Jan 10 01:22:47 <local1.info> XA-NetScaler [1142]: In ns_ldap_set_up_socket: Server certificate hostname =NULL
Jan 10 01:22:47 <local1.info> XA-NetScaler [1142]: In ns_ldap_set_up_socket: Successfully established connection to NULL

Vamsi Krishna1709162168
Posted January 18, 2018 (edited)

Hi,

From the below output, I see only SYN to the server, no SYN,ACK from the server:

root@XA-NetScaler# nstcpdump.sh port 389
reading from file -, link-type EN10MB (Ethernet)
19:04:24.161798 IP 10.0.0.11.64387 > 10.0.0.8.389: Flags [S], seq 2545940457, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 585284827 ecr 0], length 0
19:04:27.227299 IP 10.0.0.11.64387 > 10.0.0.8.389: Flags [S], seq 2545940457, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 585287910 ecr 0], length 0

Worth checking with the server and Network team for the port. I see you are in the same subnet. Are you able to telnet to the LDAP server on port 389 from any other source apart from 10.0.0.11?

Thanks,
Vamsi

Edited January 18, 2018 by vamsi1993krishna: Not sure why lines have strikes

Orlando Galindo (Author)
Posted January 18, 2018

Hello Vamsi,

Yes, it seems the server doesn't SYN and ACK the connection and I am not sure why. I have disabled the enabled the ports and disabled firewalls. If you reference the netstat output from the server in the previous post, you can see the ports are active/listening. I think it is using lsass.exe. I did notice some ports labeled ldap and tried them during the connection but to no avail.

Please advise, thank you.

Orlando Galindo (Author)
Posted January 18, 2018

Here is a tcpdump against other ports from the netstat on the server listed in relation to ldap:

root@XA-NetScaler# nstcpdump.sh host 10.0.0.8
reading from file -, link-type EN10MB (Ethernet)
19:11:02.418166 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 54685, seq 0, length 64
19:11:02.418170 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 54685, seq 0, length 64
19:11:03.426839 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 54685, seq 1, length 64
19:11:03.426843 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 54685, seq 1, length 64
19:11:04.490022 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 54685, seq 2, length 64
19:11:04.490025 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 54685, seq 2, length 64
19:11:04.491982 IP 10.0.0.11.35659 > 10.0.0.8.57922: Flags [S], seq 2339170743, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672085313 ecr 0], length 0
19:11:04.491987 IP 10.0.0.8.57922 > 10.0.0.11.35659: Flags [R.], seq 0, ack 2339170744, win 8212, length 0
19:11:55.113258 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 55709, seq 0, length 64
19:11:55.113261 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 55709, seq 0, length 64
19:11:56.118444 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 55709, seq 1, length 64
19:11:56.118447 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 55709, seq 1, length 64
19:11:57.119582 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 55709, seq 2, length 64
19:11:57.119586 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 55709, seq 2, length 64
19:11:57.121611 IP 10.0.0.11.16343 > 10.0.0.8.57917: Flags [S], seq 823335910, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672138241 ecr 0], length 0
19:11:57.121615 IP 10.0.0.8.57917 > 10.0.0.11.16343: Flags [R.], seq 0, ack 823335911, win 8212, length 0
19:12:04.284300 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 56989, seq 0, length 64
19:12:04.284304 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 56989, seq 0, length 64
19:12:05.311461 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 56989, seq 1, length 64
19:12:05.311465 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 56989, seq 1, length 64
19:12:06.320609 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 56989, seq 2, length 64
19:12:06.320613 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 56989, seq 2, length 64
19:12:06.322629 IP 10.0.0.11.31759 > 10.0.0.8.57918: Flags [S], seq 927445884, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672147494 ecr 0], length 0
19:12:06.322633 IP 10.0.0.8.57918 > 10.0.0.11.31759: Flags [R.], seq 0, ack 927445885, win 8212, length 0
19:12:23.237857 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 58013, seq 0, length 64
19:12:23.237861 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 58013, seq 0, length 64
19:12:24.246557 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 58013, seq 1, length 64
19:12:24.246561 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 58013, seq 1, length 64
19:12:25.257684 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 58013, seq 2, length 64
19:12:25.257688 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 58013, seq 2, length 64
19:12:25.259713 IP 10.0.0.11.54060 > 10.0.0.8.49160: Flags [S], seq 4179463858, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672166538 ecr 0], length 0
19:12:25.259721 IP 10.0.0.8.49160 > 10.0.0.11.54060: Flags [R.], seq 0, ack 4179463859, win 8212, length 0
19:12:33.535045 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 58781, seq 0, length 64
19:12:33.535049 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 58781, seq 0, length 64
19:12:34.537723 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 58781, seq 1, length 64
19:12:34.537726 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 58781, seq 1, length 64
19:12:35.539390 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 58781, seq 2, length 64
19:12:35.539394 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 58781, seq 2, length 64
19:12:35.540872 IP 10.0.0.11.10017 > 10.0.0.8.49161: Flags [S], seq 999877845, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672176878 ecr 0], length 0
19:12:35.540876 IP 10.0.0.8.49161 > 10.0.0.11.10017: Flags [R.], seq 0, ack 999877846, win 8212, length 0
19:12:45.078926 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 59549, seq 0, length 64
19:12:45.078930 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 59549, seq 0, length 64
19:12:46.084095 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 59549, seq 1, length 64
19:12:46.084099 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 59549, seq 1, length 64
19:12:47.095878 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 59549, seq 2, length 64
19:12:47.095881 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 59549, seq 2, length 64
19:12:47.097795 IP 10.0.0.11.20876 > 10.0.0.8.57924: Flags [S], seq 1133343957, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672188499 ecr 0], length 0
19:12:47.097801 IP 10.0.0.8.57924 > 10.0.0.11.20876: Flags [R.], seq 0, ack 1133343958, win 8212, length 0
19:12:57.504455 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 60317, seq 0, length 64
19:12:57.504459 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 60317, seq 0, length 64
19:12:58.517659 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 60317, seq 1, length 64
19:12:58.517662 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 60317, seq 1, length 64
19:12:59.567814 IP 10.0.0.11 > 10.0.0.8: ICMP echo request, id 60317, seq 2, length 64
19:12:59.567818 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 60317, seq 2, length 64
19:12:59.569830 IP 10.0.0.11.61568 > 10.0.0.8.389: Flags [S], seq 4075336417, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672201042 ecr 0], length 0
19:13:02.626313 IP 10.0.0.11.61568 > 10.0.0.8.389: Flags [S], seq 4075336417, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672204117 ecr 0], length 0
^Ctcpdump: pcap_loop: error reading dump file: Interrupted system call
root@XA-NetScaler#
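
Added example, not part of any post in this thread: a small Python parser for the text output of nstcpdump.sh that separates the three outcomes the captures above distinguish, namely a SYN answered with SYN,ACK (port open), a SYN answered with RST (host's TCP stack replied, nothing accepting on that port), and a SYN that is only retransmitted (request or reply dropped in between). The sample lines are constructed in the capture's format, the port 636 exchange is invented to show the open case, and the function and variable names are illustrative.

```python
import re

# Constructed sample in the nstcpdump.sh text format shown in the thread.
# The ICMP line is there to show non-TCP lines are skipped; the port 636
# exchange is invented, the thread's capture never shows a SYN,ACK.
SAMPLE_CAPTURE = """\
19:11:04.490025 IP 10.0.0.8 > 10.0.0.11: ICMP echo reply, id 54685, seq 2, length 64
19:11:04.491982 IP 10.0.0.11.35659 > 10.0.0.8.57922: Flags [S], seq 2339170743, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 672085313 ecr 0], length 0
19:11:04.491987 IP 10.0.0.8.57922 > 10.0.0.11.35659: Flags [R.], seq 0, ack 2339170744, win 8212, length 0
19:12:59.569830 IP 10.0.0.11.61568 > 10.0.0.8.389: Flags [S], seq 4075336417, win 65535, length 0
19:13:02.626313 IP 10.0.0.11.61568 > 10.0.0.8.389: Flags [S], seq 4075336417, win 65535, length 0
19:13:10.000100 IP 10.0.0.11.40000 > 10.0.0.8.636: Flags [S], seq 100, win 65535, length 0
19:13:10.000400 IP 10.0.0.8.636 > 10.0.0.11.40000: Flags [S.], seq 900, ack 101, win 8192, length 0
"""

# "<time> IP a.b.c.d.sport > e.f.g.h.dport: Flags [X]" ; ICMP lines carry no
# port suffix, so they do not match and are ignored.
TCP_LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def classify_handshakes(capture_text):
    """Map (client_ip, client_port, server_ip, server_port) to (verdict, syn_count).

    verdict is one of:
      "open"     - a SYN,ACK came back
      "closed"   - an RST came back (host reachable, port not accepting)
      "no-reply" - only SYNs seen; something dropped the SYN or its answer
    """
    attempts = {}
    for raw in capture_text.splitlines():
        m = TCP_LINE.match(raw.strip())
        if not m:
            continue
        flags = m["flags"]
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if flags == "S":
            # Initial SYN or a retransmission of it (same 4-tuple).
            entry = attempts.setdefault(src + dst, {"syn": 0, "reply": None})
            entry["syn"] += 1
        elif dst + src in attempts:
            # Packet travelling server -> client for a tracked attempt.
            entry = attempts[dst + src]
            if flags == "S.":
                entry["reply"] = "open"
            elif "R" in flags and entry["reply"] is None:
                entry["reply"] = "closed"
    return {
        key: (entry["reply"] or "no-reply", entry["syn"])
        for key, entry in attempts.items()
    }


if __name__ == "__main__":
    for (cip, cport, sip, sport), (verdict, syns) in classify_handshakes(
        SAMPLE_CAPTURE
    ).items():
        print(f"{cip}:{cport} -> {sip}:{sport}  {verdict}  (SYNs sent: {syns})")
```

A "no-reply" verdict on a port that the server reports as LISTENING, next to "closed" verdicts on other ports of the same host, points at filtering of that specific port somewhere on the path rather than at the service itself.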

Chandrasekhar Reddy
Posted October 4, 2019

Hi orlandogalindo@kpmg.com,

Did this issue get fixed for you? I am also facing the same issue. In case you found any solution, can you please help me out?