Multiple notifications indicating that InterScan Messaging Security Virtual Appliance (IMSVA) cannot connect to the LDAP server

Product / Version includes:

Interscan Messaging Security Virtual Appliance8.5

Last updated: 2021/08/28

Solution ID: KA-0003146

Category: Troubleshoot

Summary

You receive several policy server notifications that IMSVA is unable to connect to the LDAP server with the following subject:

Policy Server can not connect to LDAP server for user and group querying, rule matching stop.

You are concerned that configured policies are not being applied to the mail because of this failed connection to the LDAP server.

Once the IMSVA policy server starts, it will create an LDAP connection pool. If the policy server needs to query the LDAP server, it will use one LDAP connection and return it to the pool afterwards.

If the following events occur during the process, IMSVA will not be able to query the LDAP server and a notification will be sent every three minutes:

LDAP connections are reset.
LDAP server is temporarily unavailable.
IMSVA queries the LDAP server and connection times out.

However, the appropriate rules will still be applied to emails because an LDAP cache is stored in IMSVA. The email processing will not stop.

To verify if policies were applied

Run tcpdump on the IMSVA server and limit the capture to the LDAP server only. When the customer receives an email notification, stop tcpdump and check the actual event between the LDAP server and IMSVA.

For further analysis, collect the imss.mgr and log.imss debug logs. For the procedure, refer to this KB article: Debugging the InterScan Messaging Virtual Appliance (IMSVA) 7.0 application.

To decrease the number of policy notifications received

Increase the time interval between notifications so that IMSVA will not notify multiple times for a single event:

Go to the /opt/trend/imss/config folder and open the imss.ini file.
Add the following:
[policy_server]
ldapserver_notify_interval=3

Increase the time interval by replacing the default value “3” with a higher value.
Save the changes and close the file.
Restart the /opt/trend/imss/S99POLICY script by running the following command:
# /opt/trend/imss/S99POLICY restart

To disable LDAP lookup

While IMSVA 8.0 and later are somewhat smarter than IMSVA 7.0 concerning the use of LDAP queries when no rule contains LDAP users. You can disable LDAP for policy evaluation under the following conditions:

The Internal Addresses list does not contain any LDAP user or group.
No policy is making use of a LDAP user or group.
IP Profiler is disabled.

To disable

Edit the imss.ini file.
Under the [policy_server] section, add the following line:
disableldap=yes

If [policy_server] section does not exist, add it at the bottom of the file including the parameter.

Ex:
[policy_server]
disableldap=yes
Save the changes.
Restart the following services:
- Trend Micro IMSS Scan Service
- Trend Micro IMSS Policy Service

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Multiple notifications indicating that InterScan Messaging Security Virtual Appliance (IMSVA) cannot connect to the LDAP server

Multiple notifications indicating that InterScan Messaging Security Virtual Appliance (IMSVA) cannot connect to the LDAP server

Product / Version includes:

Summary