Azure Error Localhost:636 Connection Refused
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
Overview
With SFTP Gateway, you may encounter the following error in the web admin UI:
localhost:636 Connection refused
The first troubleshooting step is to restart the LDAP service.
If the problem persists, follow along with the rest of this article to see if the VM is even listening on port 636.
Otherwise, contact us via azure-support@thorntech.com and we can help troubleshoot the issue.
Initial troubleshooting
SFTP Gateway uses LDAP behind the scenes. And LDAP runs on port 636.
If LDAP is down, the sftpgw-admin-api service will fail, and the web admin UI will give a red error message on the top right.
You can get the status of the LDAP service with the following command:
sudo su
systemctl status dirsrv@$(hostname)
If LDAP is down, you can restart it:
systemctl restart dirsrv@$(hostname)
At this point, you can refresh your web admin UI browser. If it's working, then you have solved the problem.
Diagnosing the issue further
If the LDAP service is active, but you're still seeing the localhost:636 error, then keep reading.
The LDAP service runs on two different ports:
389: This is normally used for clear text LDAP. But you can also run start_tls, which is TLS over 389. This is what we use for the ldapsearch CLI, which depends on nslcd.
636: This is the LDAP service used by Java.
To determine which ports are running on your VM, run this command:
netstat -ltnp
You should see the following output on a healthy VM:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::636 :::* LISTEN 2571/ns-slapd
tcp6 0 0 :::389 :::* LISTEN 2571/ns-slapd
And you should see the following output on a VM that didn't get to finish its initial configuration:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::389 :::* LISTEN 2571/ns-slapd
If you see 389 but are missing 636, then proceed to the next section.
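The port check above can be scripted. The following is an added example, not part of the original article or of SFTP Gateway; the function name classify_ldap_listeners and its state labels are hypothetical, and the sample inputs are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example (not part of SFTP Gateway): classify the LDAP listener state
# from `netstat -ltnp` output, using the healthy/unhealthy cases in this article.

# Reads netstat output on stdin and prints one state:
#   healthy          - 389 and 636 are both listening
#   missing-636      - only 389 is listening (first-launch config did not finish)
#   no-ldap-listener - neither port is listening (LDAP service is down)
#   unexpected       - 636 without 389 (not a case the article describes)
classify_ldap_listeners() {
    awk '
        $6 == "LISTEN" {
            # Column 4 is the local address; the port follows the last colon,
            # which handles both ":::636" and "0.0.0.0:636".
            n = split($4, parts, ":")
            if (parts[n] == "389") has389 = 1
            if (parts[n] == "636") has636 = 1
        }
        END {
            if (has389 && has636) print "healthy"
            else if (has389)      print "missing-636"
            else if (has636)      print "unexpected"
            else                  print "no-ldap-listener"
        }'
}

# Constructed sample inputs, modelled on the outputs shown in this article.
HEALTHY='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1203/sshd
tcp6 0 0 :::636 :::* LISTEN 2571/ns-slapd
tcp6 0 0 :::389 :::* LISTEN 2571/ns-slapd'

INCOMPLETE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1203/sshd
tcp6 0 0 :::389 :::* LISTEN 2571/ns-slapd'

printf 'healthy sample:    %s\n' "$(printf '%s\n' "$HEALTHY" | classify_ldap_listeners)"
printf 'incomplete sample: %s\n' "$(printf '%s\n' "$INCOMPLETE" | classify_ldap_listeners)"

# On the VM itself (as root): netstat -ltnp | classify_ldap_listeners
```

A result of missing-636 corresponds to the incomplete first-launch case, and no-ldap-listener corresponds to the LDAP service being down.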
Check the VM size
If the VM is listening on port 389 but not port 636, the most common reason is that the VM size is too small (e.g. less than 2 GB of RAM).
On first launch, we use a one-time configuration script that initializes the LDAP database so that it listens on port 636. If the VM doesn't have enough memory, the LDAP service could fail to start, and our first-launch script would certainly fail.
If this is the case, the best approach is to delete the VM and try again with a larger VM size. We recommend at least a B2Ms, which has 2 GB RAM.
Check the disk space
If restarting the LDAP service does not resolve the issue, check your disk space:
sudo su
df -h
This is a common cause for LDAP not being able to start.
If you have found that you are completely out of disk space, follow the instructions in this article.
Where to go from here
If you're still getting the localhost:636 error at this point, feel free to email us at azure-support@thorntech.com.
We can help you troubleshoot the issue, and give some suggestions based on the symptoms you are seeing.