A cloud-based application is having issues with an LDAPS bind to our Domain Controller in the DMZ.
The application vendor is seeing the following log entries on their side:
[7:Public User][1024:application notice][R] (:) - Unable to bind to the LDAP server.
Based on this, they have taken a Wireshark capture and seen the following sequence of packets:
Source -> destination (DC) TCP 49662->636 [ACK] Seq=805 Ack=12910
Source -> destination (DC) TLSv1 Application data
Source -> destination (DC) TLSv1 Encrypted Alert
Source -> destination (DC) TCP 49662->636 [FIN, ACK] Seq=927 Ack=12910
destination (DC) -> Source TCP 636->49662 [ACK] Seq=12910 Ack=928
destination (DC) -> Source TCP 636->49662 [RST,ACK] Seq=12910 Ack=928
They are saying that the reason the packet analyser highlights the [RST, ACK] packets in red is because, after the connection closure by the Cloud Application server (source) with [FIN, ACK], the server is expecting a final [FIN, ACK] from the Domain Controller (destination), but [RST, ACK] arrives instead. Thus they believe that it could be an issue with the Domain Controller.
Is this claim correct?
What can we do to troubleshoot this further?
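
An added example, not part of the original post: a small Python parser over the six packet summary lines quoted above that reports which side began the TCP close, whether a TLS alert preceded it, and whether the reset arrived after the peer's FIN. The "client" and "dc" labels and the function names are assumptions made for this example.

```python
import re

# Packet summary lines copied from the capture quoted in the post above.
CAPTURE = """\
Source -> destination (DC) TCP 49662->636 [ACK] Seq=805 Ack=12910
Source -> destination (DC) TLSv1 Application data
Source -> destination (DC) TLSv1 Encrypted Alert
Source -> destination (DC) TCP 49662->636 [FIN, ACK] Seq=927 Ack=12910
destination (DC) -> Source TCP 636->49662 [ACK] Seq=12910 Ack=928
destination (DC) -> Source TCP 636->49662 [RST,ACK] Seq=12910 Ack=928
"""

# "<sender> -> <receiver> <protocol> <info>", the layout used in the post.
LINE = re.compile(r"^(?P<src>.+?)\s*->\s*(?P<dst>.+?)\s+(?P<proto>TCP|TLSv[\d.]+)\s+(?P<info>.+)$")

def parse(capture):
    """Turn summary lines into events: sender, protocol, TCP flags, TLS alert marker."""
    events = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a packet summary line
        flags = re.search(r"\[([^\]]+)\]", m["info"])
        events.append({
            "sender": "dc" if "(DC)" in m["src"] else "client",
            "proto": m["proto"],
            "flags": {f.strip() for f in flags.group(1).split(",")} if flags else set(),
            "alert": m["proto"].startswith("TLS") and "Alert" in m["info"],
        })
    return events

def teardown_summary(events):
    """Report which side started the close and how the other side answered."""
    fin = next((i for i, e in enumerate(events) if "FIN" in e["flags"]), None)
    rst = next((i for i, e in enumerate(events) if "RST" in e["flags"]), None)
    closes = [i for i in (fin, rst) if i is not None]
    first = min(closes) if closes else None
    alerts = [e["sender"] for e in events[:first] if e["alert"]]
    return {
        "first_close_sender": events[first]["sender"] if closes else None,
        "first_close_flag": None if first is None else ("FIN" if first == fin else "RST"),
        "alert_sender_before_close": alerts[-1] if alerts else None,
        "rst_after_peer_fin": (fin is not None and rst is not None and rst > fin
                               and events[rst]["sender"] != events[fin]["sender"]),
    }

if __name__ == "__main__":
    print(teardown_summary(parse(CAPTURE)))
```

The summary only orders the events visible in the capture; it does not decode the encrypted alert or explain why the bind failed.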