Avamar: LDAPS not working after upgrading to 19.12.x version
Summary: Secure LDAP (LDAPS) stops working after upgrading to Avamar version 19.12.x.
Symptoms
When attempting to log in to the Avamar user interface (MCGUI or AUI), authentication fails with a null error message. The /usr/local/avamar/var/mc/server_log/userauthentication.log file shows the following error messages:
2025-02-21 11:49:58,988 ERROR [Thread-135]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: simple bind failed: ldap_dc.dell.com:636 [Root exception is java.net.SocketException: Socket is closed or output is shut down]
2025-02-21 11:49:58,988 INFO [Thread-135]-service.DirectoryServiceUserAuth: getAllGrpByUPN, memberList : []
2025-02-21 11:50:03,850 ERROR [Thread-138]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: simple bind failed: ldap_dc.dell.com:636 [Root exception is javax.net.ssl.SSLException: Certificate not verified.]
2025-02-21 11:50:03,851 INFO [Thread-138]-service.DirectoryServiceUserAuth: getAllGrpByUPN, memberList : []
Cause
The root cause is that sslj.jar was upgraded to a newer version in Avamar 19.12.x.
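To confirm that a system shows the symptom above, and to see whether it recurs after the fix, the failed binds in userauthentication.log can be grouped by LDAP endpoint and root exception. The following is an added example, not Dell code; the sample lines are constructed in the format of the excerpt above, the host name is a placeholder, and the label names are hypothetical.

```python
import re
import sys
from collections import Counter

# Constructed sample in the format of the excerpt above; host name is a placeholder.
SAMPLE_LOG = """\
2025-02-21 11:49:58,988 ERROR [Thread-135]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: simple bind failed: ldap.example.test:636 [Root exception is java.net.SocketException: Socket is closed or output is shut down]
2025-02-21 11:49:58,988 INFO [Thread-135]-service.DirectoryServiceUserAuth: getAllGrpByUPN, memberList : []
2025-02-21 11:50:03,850 ERROR [Thread-138]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: simple bind failed: ldap.example.test:636 [Root exception is javax.net.ssl.SSLException: Certificate not verified.]
2025-02-21 11:52:10,101 ERROR [Thread-140]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: simple bind failed: ldap.example.test:389 [Root exception is java.net.ConnectException: Connection refused]
"""

# One ERROR line per failed bind: timestamp, thread, LDAP endpoint, root exception.
BIND_FAILURE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ERROR \[(?P<thread>[^\]]+)\]"
    r".*?simple bind failed: (?P<host>[^\s:]+):(?P<port>\d+) "
    r"\[Root exception is (?P<exc>[\w.$]+): (?P<msg>.*)\]\s*$"
)

def classify(exc, msg):
    """Label a root exception; the first two labels are the signatures in this article."""
    if exc == "javax.net.ssl.SSLException" and "Certificate not verified" in msg:
        return "tls-cert-verification"
    if exc == "java.net.SocketException" and "Socket is closed" in msg:
        return "tls-socket-closed"
    return "other"  # e.g. connection refused: a different problem, not this article's

def parse_bind_failures(text):
    """Return one dict per 'simple bind failed' ERROR line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = BIND_FAILURE.match(line)
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            ev["kind"] = classify(ev["exc"], ev["msg"])
            events.append(ev)
    return events

def summarize(events):
    """Count failures per (host, port, kind) so LDAPS (port 636) failures stand out."""
    return Counter((e["host"], e["port"], e["kind"]) for e in events)

if __name__ == "__main__":
    # Pass the path to userauthentication.log, or run with no argument for the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for (host, port, kind), n in sorted(summarize(parse_bind_failures(text)).items()):
        print(f"{host}:{port} {kind} x{n}")
```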
Resolution
Install Avamar Hotfix 338905:
Avamar-Cumulative Patch 19120-186-202506
Download it from the Dell Support page by following the knowledge article "Avamar: How to find and download a product hotfix, patch, installation, or upgrade package from the Dell Support website". The hotfix edits the mcserver.xml file and changes the parameter disable_endpoint_identification from false to true.
Note: The disable_endpoint_identification parameter controls whether the certificate hostname is matched against the server hostname; setting it to true disables that check. Because firewalls and other restrictions are in place, this should not have any impact on security.
If the issue still persists, open a Service Request with the Avamar Support team and mention this Knowledge Article.
Permanent Fix:
- The permanent fix for the sslj.jar file is planned for 19.12 SP1 (ETA October 2025).