Title
Article Number
000040395
Summary
Note: Forcepoint does not host the websites. Therefore, the links may change without notice. Forcepoint does not guarantee the accuracy
of the information.
Problem
While installing an AD agent, an admin may choose to use LDAPS (LDAP over SSL). They may find that LDAPS fails to connect while regular LDAP works fine.
Resolution
The issue lies in SSL cipher suites that utilize Elliptic Curve Diffie-Hellman (ECDH). Microsoft made changes in Windows 10 and
Server 2016 that sometimes result in SSL failures due to cipher suite negotiation. See the following article for further information:
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server
Workaround
Re-ordering the curve types allows the SSL connection initiated by the AD agent to negotiate correctly.
curve25519 value:29(0x1d)
1. On Windows Server 2016, open a command prompt, type gpedit.msc (without quotes) and press Enter. The Group Policy Object Editor
appears.
■ NistP384
6. Click Apply > OK
7. Restart the server for the changes to be applied.
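To confirm which curve order the AD agent host offers after the restart, the supported_groups extension (type 10) of its ClientHello can be read from a packet capture. The following is an added example, not Forcepoint's code: it parses a constructed ClientHello rather than a real capture, the function names are hypothetical, and the two curve orders are illustrative only.

```python
import struct

# IANA TLS "supported groups" IDs; the names are the Schannel curve names.
GROUPS = {23: "NistP256", 24: "NistP384", 29: "curve25519"}

def supported_groups(record: bytes) -> list:
    """Return named-group IDs, in offered order, from one TLS ClientHello record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                    # session_id
        pos += 2 + struct.unpack_from(">H", record, pos)[0]   # cipher_suites
        pos += 1 + record[pos]                    # compression_methods
        if pos == len(record):
            return []                             # ClientHello without extensions
        end = pos + 2 + struct.unpack_from(">H", record, pos)[0]
        pos += 2
        while pos < end:
            ext_type, ext_len = struct.unpack_from(">HH", record, pos)
            if ext_type == 10:                    # supported_groups extension
                count = struct.unpack_from(">H", record, pos + 4)[0] // 2
                return list(struct.unpack_from(f">{count}H", record, pos + 6))
            pos += 4 + ext_len
        return []
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed ClientHello") from None

def sample_client_hello(groups) -> bytes:
    """Constructed sample (not a capture): minimal TLS 1.2 ClientHello offering `groups`."""
    glist = struct.pack(f">{len(groups)}H", *groups)
    exts = (struct.pack(">HH", 0xFF01, 1) + b"\x00"                  # renegotiation_info
            + struct.pack(">HHH", 10, len(glist) + 2, len(glist)) + glist)
    body = (b"\x03\x03" + bytes(32) + b"\x00"                        # version, random, session_id
            + struct.pack(">H", 4) + bytes.fromhex("c02cc030")       # two ECDHE suites
            + b"\x01\x00" + struct.pack(">H", len(exts)) + exts)     # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack(">H", len(hs)) + hs

def curve_order(record: bytes) -> list:
    """Map the offered group IDs to curve names; unknown IDs are shown in hex."""
    return [GROUPS.get(g, hex(g)) for g in supported_groups(record)]

if __name__ == "__main__":
    # Two constructed orders, to show how a re-ordering appears on the wire.
    for label, order in (("curve25519 first", [29, 23, 24]), ("NIST curves first", [23, 24, 29])):
        print(label, "->", curve_order(sample_client_hello(order)))
```

With a real capture, pass the raw bytes of the TLS record that carries the ClientHello (starting at the 0x16 content-type byte) to `curve_order`.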
Related Information:
Troubleshooting-1648249643851)
https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls
https://support.forcepoint.com/s/article/AD-Agent-Server-2016-LDAPS-Issue-1646857311875
15/06/2023, 11:36 AD Agent - Server 2016 LDAPS Issue
Keywords: 115004035293; SSL; tls; handshake; ldaps; adagent; ad agent; cipher; windows; configure; policy; users; authenticate
URL Name
AD-Agent-Server-2016-LDAPS-Issue-1646857311875