With SFTP Gateway, you may encounter the following error in the web admin UI:
localhost:636 Connection refused
The first troubleshooting step is to restart the LDAP service.
If the problem persists, follow along with the rest of this article
to see if the VM is even listening on port
Otherwise, contact us via
firstname.lastname@example.org and we can help
troubleshoot the issue.
SFTP Gateway uses LDAP behind the scenes. And LDAP runs on port 636.
If LDAP is down, the
sftpgw-admin-api service will fail, and the
web admin UI will give a red error message on the top right.
You can get the status of the LDAP service with the following command:
sudo su systemctl status dirsrv@*
If LDAP is down, you can restart it:
systemctl restart dirsrv@*
At this point, you can refresh your web admin UI browser. If it's working, then you have solved the problem.
Diagnosing the issue further
If the LDAP service is
active, but you're still seeing the
error, then keep reading.
The LDAP service runs on two different ports:
389: This is normally used for clear text LDAP. But you can also run
start_tls, which is TLS over 389. This is what we use for the
ldapsearchCLI, which depends on
636: This is the LDAP service used by Java.
To determine which ports are running on your VM, run this command:
You should see the following output on a health VM:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::636 :::* LISTEN 2571/ns-slapd tcp6 0 0 :::389 :::* LISTEN 2571/ns-slapd
And you should see the following output on a VM that didn't get to finish its initial configuration:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::389 :::* LISTEN 2571/ns-slapd
If you see
389 but are missing
636, then proceed to the next section.
Check the VM size
If the VM is listening on port
389 but not port
636, the most common
reason is that the VM size is too small (e.g. less than 2 GB of RAM).
On first launch, we use a one-time configuration script that initializes the LDAP database so that it listens on port 636. If the VM doesn't have enough memory, the LDAP service could fail to start, and our first-launch script would certainly fail.
If this is the case, the best approach is to delete the VM and try again
with a larger VM size. We recommend at least a
B2Ms, which has 2 GB RAM.
Where to go from here
If you're still getting the
localhost:636 error at this point,
feel free to email us at
We can help you troubleshoot the issue, and give some suggestions based on the symptoms you are seeing.