The Messaging Gateway (SMG) Directory Integration connection may fail when using TLS-secured connections because of a certificate validation failure.
Symptoms can include inbound email not being processed and message aborts shown in the Message Audit Log.
The error can be found in the Directory Data Service logs:
Sep 17 2018 06:14:19 [btpool0-1] [LoggingDDS] ERROR - 800402 com.symantec.sms.dds.api.exception.DataAccessSearchFailureException: Permanent failure while attempting to search data source: Internal.test AD Reason: No subject alternative names matching IP address 192.168.2.10 found
Alternatively, one can see:
[1532521186618] 800412 com.symantec.sms.dds.api.exception.DataAccessUnavailableException: The data source is unavailable: NFC-LDAP at com.symantec.sms.dds.bl.EntrySourceMonitor.available(EntrySourceMonitor.java:108) at com.symantec.sms.dds.bl.EntryS
This issue occurs when certificate verification fails, usually because the hostname or IP in the SMG configuration differs from the Subject Alternative Names in the certificate. If the hostname or IP in the SMG DDS configuration does not match an entry in the LDAP server certificate's Subject Alternative Name list, the TLS negotiation will fail.
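The mismatch described above can be checked offline before changing the SMG configuration. The following is an added example, not code from the original article or from the product: it compares the host entered in the directory data source with a certificate's SAN list. The SAN list and the names under internal.test are constructed, and the matching rules (an IP literal is compared only with IP Address entries, DNS names case-insensitively with a left-most wildcard) are the usual TLS hostname verification rules, assumed here to reflect the DDS client's behavior.

```python
import ipaddress


def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' may only replace the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_configured_host(configured_host, subject_alt_names):
    """Compare the host entered in the directory data source with the SAN list.

    subject_alt_names uses the shape of ssl.SSLSocket.getpeercert()["subjectAltName"]:
    a sequence of (type, value) pairs such as ("DNS", "...") or ("IP Address", "...").
    Returns (matched, explanation).
    """
    try:
        wanted_ip = ipaddress.ip_address(configured_host)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        # An IP literal is compared only with IP Address entries, never with DNS names.
        for kind, value in subject_alt_names:
            if kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip:
                return True, f"IP SAN {value} matches"
        return False, f"no IP Address SAN matches {configured_host}"

    for kind, value in subject_alt_names:
        if kind == "DNS" and _dns_match(value, configured_host):
            return True, f"DNS SAN {value} matches"
    return False, f"no DNS SAN matches {configured_host}"


# Constructed SAN list for a hypothetical LDAP server certificate (DNS names only).
SAMPLE_SANS = (("DNS", "dc01.internal.test"), ("DNS", "*.ldap.internal.test"))

if __name__ == "__main__":
    for host in ("192.168.2.10", "dc01.internal.test", "a.ldap.internal.test"):
        print(host, check_configured_host(host, SAMPLE_SANS))
```

With the constructed certificate, the IP address from the log line fails while the DNS name succeeds, which is the situation the first error message reports.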
The root cause of this issue is that the Messaging Gateway DDS client cannot validate the LDAP server certificates in the current environment. For security, it is important to make sure that the environment and certificates are configured properly so that the certificates can be verified when a TLS conversation is initiated. This step can include: