socket ssl wrapping error: [Errno 104] Connection reset by peer
aeyaeyaey opened this issue · 6 comments
Hi, I got this error after the following command:
```
certsync -u username -p password -d xxx.local -dc-ip 10.x.x.x -ns 10.x.x.x
[*] Collecting userlist, CA info and CRL on LDAP
[-] Got error: socket ssl wrapping error: [Errno 104] Connection reset by peer
[-] Use -debug to print a stacktrace
```
How can I fix it?
Hey, by default, certsync will connect on LDAPS. If the DC does not support it, just go for `-scheme ldap`.
A CA is not defined in our domain controller. If I define a CA, will this problem be solved?
You can try it, but can you also send the result with `-debug` and `-scheme ldap`, please?
```
certsync -u username -p password -d xxx.local -dc-ip 10.x.x.x -ns 10.x.x.x -scheme ldap
[*] Collecting userlist, CA info and CRL on LDAP
[*] Found 10 users in LDAP
[-] No CA found in LDAP
```
```
certsync -u username -p password -d xxx.local -dc-ip 10.x.x.x -ns 10.x.x.x -debug
[*] Collecting userlist, CA info and CRL on LDAP
[-] Got error: socket ssl wrapping error: [Errno 104] Connection reset by peer
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/certipy/lib/ldap.py", line 77, in connect
    self.connect(version=ssl.PROTOCOL_TLSv1_2)
  File "/usr/local/lib/python3.11/dist-packages/certipy/lib/ldap.py", line 128, in connect
    bind_result = ldap_conn.bind()
                  ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 589, in bind
    self.open(read_server_info=False)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/sync.py", line 57, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 146, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/certsync/entry.py", line 608, in main
    certsync.run()
  File "/usr/local/lib/python3.11/dist-packages/certsync/entry.py", line 169, in run
    self.init_ldap_conn()
  File "/usr/local/lib/python3.11/dist-packages/certsync/entry.py", line 161, in init_ldap_conn
    self.ldap_connection.connect()
  File "/usr/local/lib/python3.11/dist-packages/certipy/lib/ldap.py", line 83, in connect
    self.connect(version=ssl.PROTOCOL_TLSv1)
  File "/usr/local/lib/python3.11/dist-packages/certipy/lib/ldap.py", line 128, in connect
    bind_result = ldap_conn.bind()
                  ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 589, in bind
    self.open(read_server_info=False)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/sync.py", line 57, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 146, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer
```
These are the results that you want. I couldn't solve this problem in any way.
Here you have two errors:
- Your DC does not support LDAPS: to resolve, use `-scheme ldap`
- You do not seem to have a CA in your domain: do you have a CA in your domain?
Closing now