A deployment could hang indefinitely when:
- An action attempts to authenticate against an LDAP server.
- The LDAP server in question belongs to a group of LDAP servers.
- The server group uses a round robin configuration.
- The round robin configuration includes automatically rotating IP addresses and SSL certificates.
- The action attempts to execute during the rotation of the SSL certificates.
The last point is of particular note because it makes the hang appear to be an intermittent issue: the deployment runs successfully when no round robin rotation occurs during deployment execution.
A key symptom in this scenario is the following error in the NAC's nolio_dm_all.log:
[ContinueStageExecutionTask-54571] ERROR (com.nolio.platform.server.dataservices.services.auth.retrieval.authorization.NolioActiveDirectoryAuthorizationRetriever:68) - Error while trying to fetch users authorities from Active Directory using tokenGroups
javax.naming.CommunicationException: simple bind failed: abc.company.com:3269 [Root exception is javax.net.ssl.SSLHandshakeException: server certificate change is restricted during renegotiation]
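
To confirm that a hang matches this scenario, the log can be scanned for the handshake error and the LDAP endpoint it names. The following is an added example, not code from the product or its vendor; the function names are hypothetical, and it assumes log entries shaped like the excerpt above (thread name in square brackets, then the level, with the exception on the following line).

```python
import re
from collections import Counter

# Signature text taken from the log excerpt on this page.
SIGNATURE = "server certificate change is restricted during renegotiation"
# Thread name in square brackets followed by the ERROR level, as in the excerpt.
ERROR_RE = re.compile(r"\[(?P<thread>[^\]]+)\]\s+ERROR\b")
# LDAP endpoint reported by the JNDI exception: "simple bind failed: host:port".
BIND_RE = re.compile(r"simple bind failed: (?P<host>[^\s:]+):(?P<port>\d+)")


def find_rotation_failures(lines):
    """Return one dict per log line that carries the handshake signature."""
    hits = []
    last_thread = None  # thread of the most recent ERROR entry seen so far
    for number, line in enumerate(lines, start=1):
        entry = ERROR_RE.search(line)
        if entry:
            last_thread = entry.group("thread")
        if SIGNATURE in line:
            bind = BIND_RE.search(line)
            hits.append({
                "line": number,
                "thread": last_thread,
                "host": bind.group("host") if bind else None,
                "port": int(bind.group("port")) if bind else None,
            })
    return hits


def summarize(hits):
    """Count failures per LDAP endpoint to show which server group is affected."""
    return Counter((h["host"], h["port"]) for h in hits)


# Constructed sample: the two lines from the excerpt above plus one unrelated line.
SAMPLE_LOG = [
    "[ContinueStageExecutionTask-54571] ERROR (com.nolio.platform.server.dataservices.services.auth.retrieval.authorization.NolioActiveDirectoryAuthorizationRetriever:68) - Error while trying to fetch users authorities from Active Directory using tokenGroups",
    "javax.naming.CommunicationException: simple bind failed: abc.company.com:3269 [Root exception is javax.net.ssl.SSLHandshakeException: server certificate change is restricted during renegotiation]",
    "[ExampleThread-1] INFO (example.Unrelated:1) - constructed unrelated line",
]

if __name__ == "__main__":
    for hit in find_rotation_failures(SAMPLE_LOG):
        print(hit)
    print(summarize(find_rotation_failures(SAMPLE_LOG)))
```

Comparing the line numbers of the hits with the times of the scheduled certificate rotation shows whether the intermittent hangs line up with the rotation window.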