Sogo will not stay connected/Samba TLS error

NethServer Version: 8
Module: Sogo/Samba

Hello, I have upgraded 2 NethServer 7 instances to NethServer 8. One of them is consistently getting these errors in /var/log/messages:

samba-dc[7625]: TLS …/…/source4/lib/tls/tls_tstream.c:1378 - Decryption has failed.


Apr 15 08:48:01 mail2 samba-dc[3926]: Auth: [LDAP,simple bind/TLS] user [(null)][samaccountname=jeff,dc=ad,dc=xxxxxx,dc=xxx] at [Mon, 15 Apr 2024 15:48:01.226784 UTC] with [Plaintext] status [NT_STATUS_NO_SUCH_USER] workstation [NSDC-MAIL] remote host [ipv4:] mapped to [(null)][(null)]. local host [ipv4:]
Apr 15 08:48:01 mail2 sogo-app[6005]: Apr 15 08:48:01 sogod [118]: <0x0x563c356e0550[LDAPSource]> <NSException: 0x563c3575ff00> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “samaccountname=jeff,dc=ad,dc=xxxx,dc=xxx”; }

I xx’d out the domain.

This system is then regularly not allowing connections to SOGo activesync. Then periodically, it will allow me to authenticate just fine. I am not certain the Samba and SOGo issues are connected. This is just the only thing that I can find.

So… In an attempt to simply allow signing in via the full email rather than just the username, I edited /home/sogo1/.config/templates/sogo.conf to say:

bindFields = (

instead of just the sAMAccountName. This allowed the full email, and since then, I have not gotten the login failures for ActiveSync. I’m assuming this is not the proper way to do this, but it was the only way I knew to do it. However, the TLS errors are still occurring and I’d love to figure out how to get that fixed.


My concern in the mysql database is foo and are two distinct users

Also, userprincipalname is a field that looks like an email but is not related to the mail domain name.

Maybe you have old clients previously set to ActiveSync with a full mail address. Can you try to reconfigure them with just a username?
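
The original post leaves open whether the Samba TLS errors and the failed LDAP binds are connected. One way to check that on a log excerpt, as an added example that is not part of the thread: the Python below flags failed samba-dc LDAP binds that fall within a time window of a TLS decryption error. The sample lines, the `example.org` domain, the 30-second window and the function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt shaped like the /var/log/messages lines quoted in the thread;
# example.org, the timestamps and the NT_STATUS_OK line are made up for the demo.
SAMPLE = """\
Apr 15 08:47:58 mail2 samba-dc[3926]: TLS ../../source4/lib/tls/tls_tstream.c:1378 - Decryption has failed.
Apr 15 08:48:01 mail2 samba-dc[3926]: Auth: [LDAP,simple bind/TLS] user [(null)][samaccountname=jeff,dc=ad,dc=example,dc=org] at [Mon, 15 Apr 2024 15:48:01.226784 UTC] with [Plaintext] status [NT_STATUS_NO_SUCH_USER] workstation [NSDC-MAIL]
Apr 15 08:48:01 mail2 sogo-app[6005]: sogod [118]: NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31)
Apr 15 09:30:12 mail2 samba-dc[3926]: TLS ../../source4/lib/tls/tls_tstream.c:1378 - Decryption has failed.
Apr 15 10:02:40 mail2 samba-dc[3926]: Auth: [LDAP,simple bind/TLS] user [(null)][samaccountname=jeff,dc=ad,dc=example,dc=org] at [Mon, 15 Apr 2024 17:02:40.101112 UTC] with [Plaintext] status [NT_STATUS_NO_SUCH_USER] workstation [NSDC-MAIL]
Apr 15 10:05:00 mail2 samba-dc[3926]: Auth: [LDAP,simple bind/TLS] user [(null)][CN=jeff,CN=Users,dc=ad,dc=example,dc=org] at [Mon, 15 Apr 2024 17:05:00.000000 UTC] with [Plaintext] status [NT_STATUS_OK] workstation [NSDC-MAIL]
"""

# Syslog prefix for samba-dc lines: "Mon DD HH:MM:SS host samba-dc[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ samba-dc\[\d+\]: (.*)$")
# Bind DN is the second bracket after "user"; the result is in "status [...]"
AUTH = re.compile(r"Auth: \[LDAP,simple bind/TLS\] user \[[^\]]*\]\[([^\]]*)\].*?status \[(\w+)\]")

def parse(text, year=2024):
    """Return (tls_error_times, failed_binds) from samba-dc syslog lines."""
    tls, failed = [], []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # other daemons (e.g. sogo-app) are ignored here
        # Syslog timestamps carry no year, so one is supplied explicitly.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if "tls_tstream.c" in msg and "Decryption has failed" in msg:
            tls.append(when)
        elif (a := AUTH.search(msg)) and a.group(2) != "NT_STATUS_OK":
            failed.append((when, a.group(1), a.group(2)))
    return tls, failed

def correlate(text, window=timedelta(seconds=30)):
    """For each failed bind, report whether a TLS error occurred within `window`."""
    tls, failed = parse(text)
    return [
        {"time": when, "bind_dn": dn, "status": status,
         "near_tls_error": any(abs(when - t) <= window for t in tls)}
        for when, dn, status in failed
    ]

if __name__ == "__main__":
    for row in correlate(SAMPLE):
        print(row["time"], row["status"], row["bind_dn"], "near TLS error:", row["near_tls_error"])
```

If most failed binds show no TLS error nearby, the two symptoms are more likely independent and can be investigated separately.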