When you configure for direct Lightweight Directory Access Protocol (LDAP) authentication over the Secure Sockets Layer (SSL), the SAS^® Metadata Server might stop responding to all requests. The server's lack of response might be sporadic, producing various errors. The only way to recover from this condition is to restart the SAS Metadata Server.

Client applications that connect to the SAS Metadata Server might produce a message regarding a failed connection, a failed authentication, or a connection time–out. Client applications might not provide any message and appear to be unresponsive.

To indicate the problem, the SAS Metadata Server log might contain a message like the following, after which there is no activity logged:

OpenSSL error 185057381 occurred in function SSL_connect at line 1725, the error message is SSL error 
"error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert already in hash table(0xb07c065)."

The problem occurs because of an error in handling multi–threaded connections to the LDAP server using SSL encryption. Note that Microsoft Active Directory is an LDAP provider, and you can experience the same problem using Active Directory.

The only circumvention is to configure the SAS Metadata Server to connect to LDAP without SSL.

Related Documentation

• See Direct LDAP Authentication in the SAS(R) 9.3 Intelligence Platform: Security Administration Guide for additional information about configuring the SAS Metadata Server to directly authenticate to an LDAP server.
• See How to Configure SSL between the Metadata Server and an LDAP Server in the SAS(R) 9.3 Intelligence Platform: Security Administration Guide for additional information about using SSL encryption with direct LDAP authentication.




Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Metadata Server	z/OS	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft® Windows® for x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft Windows Server 2003 Datacenter Edition	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft Windows Server 2003 Enterprise Edition	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft Windows Server 2003 Standard Edition	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft Windows Server 2003 for x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft Windows Server 2008	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft Windows Server 2008 for x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Microsoft Windows XP Professional	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Enterprise 32 bit	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Enterprise x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Home Premium 32 bit	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Home Premium x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Professional 32 bit	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Professional x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Ultimate 32 bit	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows 7 Ultimate x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows Vista	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Windows Vista for x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		64-bit Enabled AIX	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		64-bit Enabled HP-UX	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		64-bit Enabled Solaris	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		HP-UX IPF	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Linux	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Linux for x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0
		Solaris for x64	9.3	9.4	9.3 TS1M0	9.4 TS1M0

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

A fix for this issue for Base SAS 9.3_M2 is available at:

A fix for this issue for SAS/Secure SSL 9.3_M2 is available at: