
Messaging Gateway Directory Integration TLS connection fails


Article ID: 172482


Updated On:


Messaging Gateway


The Messaging Gateway (SMG) Directory Integration connection may fail when it uses TLS-secured connections because of a certificate validation failure.

Symptoms of this issue can include inbound email not being processed and the Message Audit Log showing message aborts.

The error can be found in the Directory Data Service logs:

Sep 17 2018 06:14:19 [btpool0-1] [LoggingDDS] ERROR - 800402 Permanent failure while attempting to search data source: 
Internal.test AD   Reason: No subject alternative names matching IP address found

Alternatively, one can see:

[1532521186618] 800412 The data source is unavailable: NFC-LDAP at at





This issue occurs when verification of the certificate fails, usually because the hostname or IP address in the SMG configuration differs from the Subject Alternative Names in the certificate. If the hostname or IP address in the SMG DDS configuration does not match an entry in the LDAP server certificate's Subject Alternative Name list, the TLS negotiation will fail.


The root cause of this issue is that the Messaging Gateway DDS client cannot validate the LDAP server certificate in the current environment. For security, make sure that the environment and certificates are configured so that the certificate can be verified when a TLS conversation is initiated. This can include:

  • Update the configuration so that Directory Integration connects to a hostname/FQDN that is listed in the certificate (recommended).
  • Update the certificate so that it contains the IP or hostname that Directory Integration uses to connect.
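
To see in advance which connection targets a given LDAP server certificate will accept, the following added example (not Symantec code, and not taken from this article) applies the standard matching rule: an IP target is compared only against IP-type SAN entries and a hostname only against DNS-type entries. It assumes the certificate is already available in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate, names and addresses are constructed, and `check_target` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names and addresses are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.internal.test"),),),
    "subjectAltName": (
        ("DNS", "dc01.internal.test"),
        ("DNS", "*.ldap.internal.test"),
    ),
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may stand for the whole left-most label only."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_target(cert, target):
    """Return (ok, reason) for the hostname or IP a client is configured to use."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # not an IP literal, so treat the target as a hostname
    if ip is not None:
        # An IP target never matches a DNS entry, even if that name resolves to it.
        ip_sans = [v for t, v in sans if t == "IP Address"]
        if any(ipaddress.ip_address(v) == ip for v in ip_sans):
            return True, "IP address listed in SAN"
        return False, "no IP-type SAN entry matches %s" % target
    dns_sans = [v for t, v in sans if t == "DNS"]
    if any(_dns_match(v, target) for v in dns_sans):
        return True, "hostname listed in SAN"
    return False, "no DNS-type SAN entry matches %s (SAN has: %s)" % (
        target, ", ".join(dns_sans) or "none")


if __name__ == "__main__":
    for target in ("10.0.0.5", "dc01.internal.test", "dc01", "a.ldap.internal.test"):
        print(target, check_target(SAMPLE_CERT, target))
```

The short name `dc01` fails even though it identifies the same server, which is why the configured value should be the FQDN exactly as it appears in the certificate.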