Just want to share the issue that we faced and resolved recently on our Email Gateway appliances. We were not able to make an LDAP connection to the domain controllers from the DMZ.
This was happening intermittently: sometimes the connection was successful and sometimes it failed. A similar configuration was working perfectly fine for another site.
For this particular site it was failing intermittently, and when checking, below were the results, which changed with every check 🙂
Even the Telnet test was sometimes connecting and sometimes just stuck trying to connect.
On troubleshooting further, it was found that the firewall was dropping the reverse/acknowledgement traffic from the LDAP servers back to the Email Gateways.
There is a bug in the SecureXL feature of the firewall version we are using that was causing this behavior; as soon as we disabled it, our stuff started working again 🙂
SecureXL is a software acceleration product installed on Security Gateways. SecureXL network acceleration techniques deliver wire-speed performance for Security Gateways. SecureXL is implemented either in software, or in hardware.
The solution is to apply a fix from the vendor or to disable this feature.
If you are in a similar situation, consider the above troubleshooting, as it took a lot of our time to figure this out. (All teams were pointing out that everything was fine at their end until our firewall expert found it.)
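
A repeatable version of the Telnet test described above, as an added example that is not part of the original post: it classifies each TCP connect attempt so that a hang (nothing came back) is counted separately from a refusal (the far side answered). The host name and the use of the standard LDAP port 389 are assumptions; run it from the DMZ host and keep the counts as evidence for the firewall team.

```python
import socket
from collections import Counter

def probe_once(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP connect attempt.

    'connected' - handshake completed
    'timeout'   - nothing came back (SYN or SYN-ACK lost or dropped in the path)
    'refused'   - an RST came back, so return traffic does reach this host
    """
    try:
        with connect((host, port), timeout=timeout):
            return "connected"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return "error:" + type(exc).__name__

def probe(host, port, attempts=20, timeout=3.0, connect=socket.create_connection):
    """Repeat the probe and count each outcome."""
    return Counter(probe_once(host, port, timeout, connect) for _ in range(attempts))

def verdict(counts):
    """Turn outcome counts into a hint about where to look next."""
    ok, lost = counts.get("connected", 0), counts.get("timeout", 0)
    if ok and lost:
        # Same source, destination and port, different result each time:
        # look at stateful devices in the path, not at the rule base.
        return "intermittent-drop"
    if lost:
        return "consistently-filtered-or-down"
    if counts.get("refused"):
        return "reachable-port-closed"
    return "healthy" if ok else "other-error"

if __name__ == "__main__":
    # Constructed target name; replace with a real domain controller.
    target, port = "dc01.example.internal", 389
    counts = probe(target, port, attempts=20, timeout=3.0)
    print(dict(counts), "->", verdict(counts))
```

An "intermittent-drop" result matches the symptom in this post; a packet capture on both sides of the firewall is then the next step to confirm which direction is being dropped.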