Symptom
- IQ database configured with an LDAP server, upgraded from 16.1 SP05 PL12 to 16.1 SP05 PL15
- Login_mode: Standard,LDAPUA
- Validate same LDAP server TOLS:
VALIDATE LDAP SERVER
SEARCH DN
URL 'ldaps://xxxxx'
ACCESS ACCOUNT 'CN=xxxx'
IDENTIFIED BY 'xxxx'
AUTHENTICATION URL 'ldaps://xxxx'
CONNECTION TIMEOUT 1000
CONNECTION RETRIES 3
TLS ON
- Command fails with the errors below:
TLS: 1
CA cert file 'xxxx'
Search URL 'xxxx' is an LDAP URL
Search URL 'ldp://l' is parsed
Starting TLS on URL 'ldap://***'
calling ldap_result(): timeout value (1 sec, 0 usec)
Calling ldap_install_tls
ldap_install_tls() failed, err -1 (Can't contact LDAP server)
ldap_get_option() reports error error code: 0x0
_async_start_tls failed on url 'ldap://***', ldap error: -1 (Can't contact LDAP server)
Authenticate() failed to connect to search URL
- Secure trace generated by sectrace.ini may show TLS_CACERT empty:
[DATE TIME][N][iqsrv16 ][TLSOLDAP ][662016] TLS_CACERT: <none>
- or
[DATE TIME][N][iqsrv16 ][SSL ][439680] Cli-00000002: Received message of type "Finished". Peer has completed sending of handshake messages.
[DATE TIME][N][iqsrv16 ][SSL ][439680] BIO-00000002: free()
[DATE TIME][N][iqsrv16 ][SSL ][439680] Cli-00000002: ########## TLSv1.2 connection with this server established: CN=***, OU=Directory Services, O=*** *, SP=**, C=**####
[DATE TIME][N][iqsrv16 ][SAPSSL ][439680] called: (hSsl)->f->Connect(hSsl)
[DATE TIME][N][iqsrv16 ][SAPSSL ][439680] called: (hSsl)->f->get_peer_certificates(hSsl, certificates)
[DATE TIME][N][iqsrv16 ][URL ][439680] Checking server certificate against hostname <hostname>
[DATE TIME][N][iqsrv16 ][URL ][439680] checking GNdNSName alternative names
[DATE TIME][N][iqsrv16 ][URL ][439680] GNdNSName alternative name '*****' does not match
[DATE TIME][N][iqsrv16 ][URL ][439680] no GNdNSName alternative name matches
[DATE TIME][N][iqsrv16 ][URL ][439680] checking subjects CN parts
[DATE TIME][N][iqsrv16 ][URL ][439680] CN part #01 '*****' does not match
[DATE TIME][N][iqsrv16 ][URL ][439680] no CN part matches
Environment
- SAP IQ 16.1 SP05 PL12
- SAP IQ 16.1 SP05 PL15
Product
SAP IQ 16.1
Keywords
ldap server validation, tls error, sap iq upgrade, commoncryptolib, hostname validation, certificate mismatch, async start tls failed, sqlcode -1600, odbc state hy000, ldap authentication failure, secure ldap connection, sap iq pl15 upgrade, identity certificate validation, KBA, BC-SYB-IQ, Sybase IQ, BW-SYS-DB-IQ, BW on HANA with Sybase IQ Near-line Storage, Problem
About this page
This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).