
Multiple notifications indicating that InterScan Messaging Security Virtual Appliance (IMSVA) cannot connect to the LDAP server

    • Updated: 26 Sep 2016
    • Product/Version:
        InterScan Messaging Security Suite 7.1 Windows
        InterScan Messaging Security Virtual Appliance 8.2
        InterScan Messaging Security Virtual Appliance 8.5
    • Platform: N/A
Summary

You receive several policy server notifications that IMSVA is unable to connect to the LDAP server with the following subject:

Policy Server can not connect to LDAP server for user and group querying, rule matching stop.

You are concerned that configured policies are not being applied to the mail because of this failed connection to the LDAP server.

Details

Once the IMSVA policy server starts, it will create an LDAP connection pool. If the policy server needs to query the LDAP server, it will use one LDAP connection and return it to the pool afterwards.

If the following events occur during the process, IMSVA will not be able to query the LDAP server and a notification will be sent every three minutes:

  • LDAP connections are reset.
  • LDAP server is temporarily unavailable.
  • IMSVA queries the LDAP server and the connection times out.

However, the appropriate rules will still be applied to emails because an LDAP cache is stored in IMSVA. The email processing will not stop.

To verify if policies were applied

Run tcpdump on the IMSVA server and limit the capture to the LDAP server only. When the customer receives an email notification, stop tcpdump and check the actual event between the LDAP server and IMSVA.

For further analysis, collect the imss.mgr and log.imss debug logs. For the procedure, refer to this KB article: Debugging the InterScan Messaging Virtual Appliance (IMSVA) 7.0 application.

To decrease the number of policy notifications received

Increase the time interval between notifications so that IMSVA will not notify multiple times for a single event:

  1. Go to the /opt/trend/imss/config folder and open the imss.ini file.
  2. Add the following:

    [policy_server]
    ldapserver_notify_interval=3

    Increase the time interval by replacing the default value “3” with a higher value.

  3. Save the changes and close the file.
  4. Restart the /opt/trend/imss/S99POLICY script by running the following command:

    # /opt/trend/imss/S99POLICY restart

To disable LDAP lookup

While IMSVA 8.0 and later are somewhat smarter than IMSVA 7.0 concerning the use of LDAP queries when no rule contains LDAP users, you can disable LDAP for policy evaluation under the following conditions:

  • The Internal Addresses list does not contain any LDAP user or group.
  • No policy is making use of an LDAP user or group.
  • IP Profiler is disabled.

To disable

  1. Edit the imss.ini file.
  2. Under the [policy_server] section, add the following line:

    disableldap=yes

     
    If the [policy_server] section does not exist, add it at the bottom of the file, including the parameter.

    Example:
    [policy_server]
    disableldap=yes

  3. Save the changes.
  4. Restart the following services:
    • Trend Micro IMSS Scan Service
    • Trend Micro IMSS Policy Service
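
Both imss.ini procedures above (raising ldapserver_notify_interval and setting disableldap) come down to setting one key under [policy_server], creating the section at the bottom of the file when it is absent. The following is an added example for the appliance shell, not part of the original article or a Trend Micro tool; the helper name set_ini_key and the value 30 are assumptions chosen for illustration.

```shell
#!/bin/sh
# set_ini_key FILE SECTION KEY VALUE  (hypothetical helper, not a Trend Micro tool)
# Sets KEY=VALUE inside [SECTION]: rewrites an existing KEY line, adds the key
# to the section if it is missing, or appends the section at the end of the
# file if the section does not exist. A copy of the original is kept as FILE.bak.
set_ini_key() {
    file=$1; section=$2; key=$3; value=$4
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v sec="[$section]" -v key="$key" -v val="$value" '
        function emit() { print key "=" val; done = 1 }
        /^[ \t]*\[/ {                      # any section header
            if (insec && !done) emit()     # leaving target section, key unseen
            hdr = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", hdr)
            insec = (hdr == sec)
            if (insec) found = 1
            print; next
        }
        insec && index($0, "=") {          # key=value line in target section
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key) { if (!done) emit(); next }   # replace, drop repeats
        }
        { print }
        END {
            if (insec && !done) emit()     # target section was the last one
            if (!found) { print sec; emit() }
        }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on the appliance, with the keys from the steps above (30 is a constructed value):
#   set_ini_key /opt/trend/imss/config/imss.ini policy_server ldapserver_notify_interval 30
#   set_ini_key /opt/trend/imss/config/imss.ini policy_server disableldap yes
```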
Category: Troubleshoot
Solution Id: 1095091