Issue with LDAPS Connection via MID since Quebec EA Upgrade


Description

LDAPS integrations via MID Server are not supported by ServiceNow. After an upgrade to the Quebec release, the instance is not able to communicate with the LDAPS server.

Test Connection reports the following error:

"ldaps://ldap.<ldapdomain>.com:636/
Verify server address and port are correct and accessible"

The MID Server log file reports "Unconnected sockets not implemented":

Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 Worker starting: LDAPConnectionTesterProbe source: 8f75bdc8db6b3a00a41f540adc96193b
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: MIDSecPolicy: calculating security Policy to be applied on <instance_name>.service-now.com
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: MIDSecPolicy: returning a security policy from the fast cache!
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: MIDSecPolicy: Certificate check for host[<instance_name>.service-now.com] is true
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: RGRPerfMetricEvent
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: LDAP is ready for connection testing: 8f75bdc8db6b3a00a41f540adc96193b(null)
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 LDAP API - LDAPLogger : ldap.<ldapdomain>.com:636
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 LDAP API - LDAPLogger : Communication error: ldap.<ldapdomain>.com:636
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 LDAP API - LDAPLogger : java.net.SocketException: Unconnected sockets not implemented
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: GenericScalarMetricEvent
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: GenericScalarMetricEvent
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: GenericScalarMetricEvent
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: CheckSessionCanceledEvent, correlator: 94758b9fdb9a64106c7f562bdc961903, sysID: d4758b9fdb9a64106c7f562bdc961903, canceled: false
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 Enqueuing: C:\MIDServer_Test\agent\work\monitors\ECCSender\output_s\ecc_queue.177b5f56f460000002.xml
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: GenericCounterMetricEvent
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: ** enqueued C:\MIDServer_Test\agent\work\monitors\ECCSender\output_s\ecc_queue.177b5f56f460000002.xml
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: MessageProcessedEvent, sysID: d4758b9fdb9a64106c7f562bdc961903
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 DEBUG: Event: SendMessageEvent, message: LDAPConnectionTesterProbe true 8f75bdc8db6b3a00a41f540adc96193b
Worker-Expedited:LDAPConnectionTesterProbe-d4758b9fdb9a64106c7f562bdc961903 Worker completed: LDAPConnectionTesterProbe source: 8f75bdc8db6b3a00a41f540adc96193b time: 0:00:00.484

Steps to Reproduce

This procedure requires the LDAPS integration.

  1. Upgrade the MID Server to the Quebec release.

  2. Navigate to the LDAPS server.

  3. Select Test Connection.

Workaround

On the MID Server host machine, execute the following steps:

  1. Navigate to the agent directory.

  2. Navigate to the ../jre/conf/security directory.

  3. Open the java.security file.

  4. Comment out the property: ssl.SocketFactory.provider=com.service_now.mid.security.policy.PolicyBasedSSLSocketFactory

  5. Save the change.

  6. Restart the MID Server.

Note:
Commenting out the property does not disable LDAPS. The MID Server instead uses the JVM ssl.SocketFactory.provider, which is what all MID Servers use in Paris and older releases. If the LDAP server certificate is added on the MID Server and the LDAP server configuration on the platform is configured to use ldaps, the connection uses ldaps.
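
A scripted version of workaround steps 3 to 5, added here as an example and not ServiceNow's own tooling: it backs up java.security, comments out only the exact property from step 4, and reports which ssl.SocketFactory.provider value, if any, is still active. The function names and the .bak backup suffix are assumptions; the path to java.security is supplied by the operator.

```python
import re
import sys
from pathlib import Path

# Property named in step 4 of the workaround.
KEY = "ssl.SocketFactory.provider"
VALUE = "com.service_now.mid.security.policy.PolicyBasedSSLSocketFactory"
_BODY = re.escape(KEY) + r"\s*[=:]\s*" + re.escape(VALUE) + r"\s*$"
ACTIVE = re.compile(r"^\s*" + _BODY)             # property currently in effect
COMMENTED = re.compile(r"^\s*[#!]+\s*" + _BODY)  # workaround already applied


def comment_out_provider(java_security):
    """Apply step 4. Returns 'changed', 'already' or 'absent'."""
    path = Path(java_security)
    raw = path.read_bytes()
    # java.security is a Java properties file; decoding as ISO-8859-1 and
    # keeping line endings makes the rewrite byte-exact apart from the '#'.
    lines = raw.decode("iso-8859-1").splitlines(keepends=True)
    hits = [i for i, line in enumerate(lines) if ACTIVE.match(line)]
    if not hits:
        done = any(COMMENTED.match(line) for line in lines)
        return "already" if done else "absent"
    # Keep the unmodified file (assumed .bak suffix) so the change can be reverted.
    path.with_name(path.name + ".bak").write_bytes(raw)
    for i in hits:
        lines[i] = "#" + lines[i]
    path.write_bytes("".join(lines).encode("iso-8859-1"))
    return "changed"


def active_provider(java_security):
    """Return the uncommented ssl.SocketFactory.provider value, or None."""
    text = Path(java_security).read_bytes().decode("iso-8859-1")
    found = None
    for line in text.splitlines():
        m = re.match(r"^\s*" + re.escape(KEY) + r"\s*[=:]\s*(.*?)\s*$", line)
        if m:
            found = m.group(1)  # a later definition overrides an earlier one
    return found


if __name__ == "__main__":
    # Usage: python fix_java_security.py <path to java.security>
    target = sys.argv[1]
    print(comment_out_provider(target), "->", active_provider(target))
```

A result of "absent" means the file does not contain the property from step 4, so the workaround does not apply to that file as written. The script does not restart the MID Server; step 6 still has to be done.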


Related Problem: PRB1477421