LDAP Service Not Reachable

Hi all,

Hoping that someone can point me in the right direction here.

Trying to use Client Certificate Authentication for Exchange Server 2010 ActiveSync. I have got everything set up as per the documentation from Kemp for ESP and EAS. But I appear to have hit an immovable object and seem to be stuck at this error:

The network guys have confirmed that port 636 is open between the Kemp interface and the AD server, but still keep seeing this error appear. If I turn off ESP and use Basic Authentication, LDAPS, then authentication does work OK from the endpoint to the EAS server.

Can anyone point me in the right direction to resolving this?

Thanks

2 comments

Mark Deegan

Hello Ashley,

My first thought is to make sure the LDAP server is on a subnet that the LM is connected to. If you have only 1 interface, I would add a second and join it to the subnet where the AD server is located to rule out any routing/firewall issues. I would then make sure you have the latest firmware, 7.1.35.1, as 7.1.30 and above have many updates to do with LDAP, and this may fix your issue.

regards


Mark

ashley.poxon

Hi Mark,

Many thanks for the comment. The firmware is already 7.1.30. Should I ask for it to be upgraded to the latest version?

In terms of networking, this has been a bit of an ongoing issue. There is a DMZ interface, and then an internal LAN interface. The Virtual Services all have IPs on the DMZ interface and the real servers are inside the LAN. The LDAP server is on the LAN too.

external address goes to DMZ > DMZ sends to the Kemp Interface in the DMZ > Virtual Service has an IP in the DMZ > LDAP servers are on the internal LAN > Real Servers are on the internal LAN

Does that make sense?