[VMC on AWS] LDAPS may stop working after upgrading to SDDC version 1.22


Article ID: 323284


Updated On:


Products: VMware NSX Networking, VMware Cloud on AWS


Symptoms:
  • LDAPS (port 636) stops working after upgrading NSX to version 4.1.0.
  • Re-adding the LDAPS server fails with the following error:
    • "Error: Unable to obtain server certificate. Communication error. Verify that the IP address/hostname, port, and other parameters are correct. (Error code: 53000)"
  • LDAP (port 389) continues to work.
  • A plain TCP connection from the NSX Manager to the LDAP server on port 636 succeeds:
    • nc -vz <ldap> 636
  • A packet capture on the NSX Manager, taken while running the connection status check from the NSX Manager UI, shows the LDAP server resetting the connection.


Environment:
VMware NSX 4.1.0


Cause:
NSX 4.1 changed the cipher suites it offers in the TLS Client Hello. To make the connection more secure, several cipher suites were removed in this version, and the NSX Manager now offers only two cipher suites when it connects to the LDAP server. If the LDAP server supports neither of them, it cannot complete the TLS handshake and resets the connection. This is why the TCP-level check (nc) succeeds while the LDAPS connection check fails: the TCP connection is established, and the reset only happens once the server has seen the Client Hello.

(Figure: packet capture of the Client Hello sent by NSX Manager 4.1, showing that only two cipher suites are offered.)


Resolution:
Upgrade the LDAP server (or adjust its TLS cipher configuration) so that it supports at least one of the two cipher suites that NSX 4.1 offers. Take the exact suite names from the Client Hello in the packet capture captured during the connection status check, and verify the fix by re-running that check from the NSX Manager UI. If you experience continued issues, open a Support Request with VMware for assistance.
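To find out which TLS 1.2 cipher suites the LDAP server actually accepts, and to see the reset behaviour described above reproduced locally, the following Python script (an added example, not VMware or NSX code) offers one cipher suite per handshake and classifies how the server answers. The hostname, port and the CANDIDATE_SUITES list are assumptions: the KB does not name the two suites NSX 4.1 offers, so replace the list with the suites seen in the Client Hello of your packet capture. With no arguments the script runs against a built-in local listener that accepts the TCP connection (so a port check succeeds) and then resets it, mirroring the symptom.

```python
"""Probe which TLS 1.2 cipher suites an LDAPS server accepts (added example).

Usage: python ldaps_cipher_probe.py <ldap-host> [port]
With no arguments it probes a local listener that resets every handshake.
"""
import socket
import ssl
import struct
import sys
import threading

# Constructed placeholder list of OpenSSL cipher names (an assumption, not the
# two suites NSX 4.1 offers); replace with the suites from your Client Hello.
CANDIDATE_SUITES = (
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "AES256-GCM-SHA384",
)


def probe_cipher(host, port, cipher, timeout=5.0):
    """Offer a single TLS 1.2 cipher suite and report how the server answers.

    Returns (outcome, detail). outcome is one of:
      'ok'                server completed the handshake with this suite
      'reset'             TCP RST after the ClientHello (the symptom in the KB)
      'eof'               server closed the connection mid-handshake
      'handshake_failure' server sent a TLS alert (e.g. no shared cipher)
      'error'             anything else (timeout, refused, DNS failure)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Pin TLS 1.2: set_ciphers() does not control TLS 1.3 suites, and a
    # TLS 1.3-capable server would otherwise mask the per-suite result.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Certificate validation is deliberately off: this tests cipher
    # negotiation only, not trust. Never reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.set_ciphers(cipher)
    except ssl.SSLError as exc:
        raise ValueError(f"local OpenSSL cannot offer {cipher!r}") from exc
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # wrap_socket() runs the handshake immediately on a connected socket
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", tls.cipher()[0]
    except (ConnectionResetError, BrokenPipeError):
        return "reset", "server reset the connection after the ClientHello"
    except ssl.SSLEOFError:
        return "eof", "server closed the connection during the handshake"
    except ssl.SSLError as exc:
        return "handshake_failure", exc.reason or str(exc)
    except OSError as exc:
        return "error", str(exc)


def survey(host, port, suites=CANDIDATE_SUITES, timeout=5.0):
    """Probe every suite in turn and return {suite: (outcome, detail)}."""
    return {suite: probe_cipher(host, port, suite, timeout) for suite in suites}


def start_resetting_listener():
    """Start a local listener that mimics the KB symptom: the TCP connection is
    accepted (so `nc -vz` would succeed) and then reset instead of answered.
    Returns (port, stop_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            # SO_LINGER with a zero timeout makes close() send RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def main(argv):
    stop = None
    if len(argv) >= 2:
        host = argv[1]
        port = int(argv[2]) if len(argv) > 2 else 636
    else:
        port, stop = start_resetting_listener()  # local demonstration target
        host = "127.0.0.1"
    results = survey(host, port)
    for suite, (outcome, detail) in results.items():
        print(f"{suite:32} {outcome:18} {detail}")
    if stop:
        stop()
    return results


if __name__ == "__main__":
    main(sys.argv)
```

A suite that reports "ok" is one the server will negotiate; a "reset" or "eof" for every suite the NSX Manager offers reproduces the KB's packet-capture finding and points at the server-side cipher configuration rather than at network reachability.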