The Directory Data Service (DDS) connection is failing when attempting to use secure LDAP (LDAPS) and the following error appears in the dds.log file:

com.symantec.sms.dds.api.exception.DataAccessSearchFailureException: Permanent failure while attempting to search data source: [DDS SOURCE] Reason: Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate.

This may occur following an update from SMG 10.9.0 to 10.9.1.

The TLS certificate used by the LDAP / AD server uses a deprecated key size that is now considered insecure.

SMG 10.9.1 enforces stricter certificate and TLS algorithm requirements than 10.9.0 to align with current encryption standards

The certificate used by the DDS / LDAP / AD server will need to be recreated with an RSA key larger than 1024 bits as 1024 bit RSA keys are no longer considered to be secure.

Once the TLS certificate has been updated on the LDAP server, the DDS / LDAP connections from Messaging Gateway will begin working as expected.