anatol_ro
New Contributor

Status of remote server (LDAP) has been reset to offline-stale message constantly appearing in log

Hello everyone! The following messages appear in the logs in the FortiAuthenticator every minute. That is, the FortiAuthenticator both loses and finds the remote LDAP server again.

 

[Attached screenshot: Screenshot 2024-05-02 101957.png]

Please tell me why this may occur. In the FortiAuthenticator CLI, with diagnose netlink arp list, I see that the MAC address of my LDAP server is either in the STALE state or in the REACHABLE state.

 

Could there be a problem with ARP?
Thanks

AEK
SuperUser

Hi Anatol

Stale state should mean there was no communication between LDAP and FAC for a while.

Is the LDAP server on the same subnet as FAC?

Can you try a continuous ping from FAC to LDAP and see if there is packet loss when the issue occurs?

AEK
anatol_ro
New Contributor

Hi AEK! Thank you for your feedback. LDAP server and FAC are on different subnets with routing between them.
I started a continuous ping from FAC to LDAP and packets are not lost for a long time, but at the same time the messages "Status of remote server (LDAP) has been reset to offline-stale" and "Remote server (LDAP) become available" appear in the logs.

AEK
SuperUser

Hi Anatol

There is a known issue like yours that was fixed in 6.4.7 and 6.5.0.

848324: Remote LDAP server constantly becomes offline-stale.

Can you confirm your version is prior to those?

AEK
anatol_ro
New Contributor

So, my version is v6.4.4, build1028. I will try to update it in the near future. Thank you!
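
Added example, not part of the thread and not Fortinet code: a small Python sketch that measures how regularly the two log messages quoted above alternate and checks a version string against the first fixed release named in the thread. The timestamp prefix, the sample lines and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime
from statistics import median

# Message texts are the ones quoted in the thread; the timestamp prefix is assumed.
STALE = "has been reset to offline-stale"
AVAILABLE = "become available"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")

# Constructed sample log, not real FortiAuthenticator output.
SAMPLE_LOG = """\
2024-05-02 10:15:02 Status of remote server (LDAP) has been reset to offline-stale
2024-05-02 10:15:07 Remote server (LDAP) become available
2024-05-02 10:16:02 Status of remote server (LDAP) has been reset to offline-stale
2024-05-02 10:16:08 Remote server (LDAP) become available
2024-05-02 10:17:03 Status of remote server (LDAP) has been reset to offline-stale
2024-05-02 10:17:09 Remote server (LDAP) become available
"""

def parse_events(text):
    """Return [(datetime, 'stale' | 'available')], skipping unrelated lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if STALE in m.group(2):
            events.append((ts, "stale"))
        elif AVAILABLE in m.group(2):
            events.append((ts, "available"))
    return events

def flap_summary(events):
    """Pair each stale event with the next available event; time the cycle."""
    stale = [ts for ts, kind in events if kind == "stale"]
    outages, pending = [], None
    for ts, kind in events:
        if kind == "stale":
            pending = ts
        elif pending is not None:
            outages.append((ts - pending).total_seconds())
            pending = None
    gaps = [(b - a).total_seconds() for a, b in zip(stale, stale[1:])]
    return {"flaps": len(outages),
            "median_outage_s": median(outages) if outages else None,
            "median_period_s": median(gaps) if gaps else None}

def is_prior_to_fix(version, fixed=(6, 4, 7)):  # 6.4.7: first fixed release per the thread
    return tuple(int(p) for p in version.lstrip("v").split(".")[:3]) < fixed
```

A steady period of about a minute with short outages, while a continuous ping shows no loss, matches the pattern described in the thread rather than a network path problem.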
