IBM Support

TM1Server LDAP Connection Failing, LDAP ERROR: 0x51 - ldap_connect failed

Technote (troubleshooting)


Attempting to configure TM1 to use an LDAP as an anuthentication source, is returning the following error in the tm1server.log when users attempt to log in:

ERROR 2016-01-26 12:39:48.900 TM1.LDAPAuth LDAP ERROR: 0x51 - ldap_connect failed.

Diagnosing the problem

Recreate the error, and immediately check Windows Event Viewer's 'System' logs for any details. In this case, the following error had been thrown:

Event Type: Error
Event Source: Schannel
Event ID: 36884
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is server_name. The SSL connection request has failed. The attached data contains the server certificate.

The detail above leads us to Microsoft KB Article 2275950:

Resolving the problem

The detail in the error and Microsoft KB, indicate that there is an issue with using Microsoft APIs to verify the certificate (unless the MS HotFix is applied). In order to tell TM1 not to use the Microsoft API for SSL Cert Verification, we must set the following in the tm1s.cfg file (and restart TM1):


^This tells TM1 that it is now responsible for checking the certificate

You may also need to specify the expected servername using the LDAPVerifyCertServerName parameter, or you may skip the servername check altogether using LDAPSkipSSLCertVerification=T

The following documentation should be reviewed to determine what path better suits your environment:

Document information

More support for: Cognos TM1
TM1 Server

Software version: 10.1.0, 10.1.1, 10.2, 10.2.2

Operating system(s): Windows

Software edition: All Editions

Reference #: 1975807

Modified date: 29 January 2016

Translate this page: