After upgrading to RSA NetWitness 11.4 or later, Active Directory no longer connects over SSL when it uses a DH key length less than 2048.
ERROR com.rsa.smc.sa.admin.web.controller.ajax.AuthenticationProviderController - Test connection failed
com.rsa.asoc.launch.api.transport.client.TransportClientException: Accepted DH prime length is 2048 or higher
Active Directory users are no longer able to log in. The failure can be reproduced by testing the connection: in Admin > Security > Settings, under Active Directory Configurations, select the AD instance and click the Test button.
In RSA NetWitness 11.4, we upgraded our BSAFE libraries to comply with FIPS. As a result, we now require a DH key length of 2048 to establish SSL/TLS connections.
We recommend upgrading the DH key length of the Active Directory to 2048 or greater to establish the SSL/TLS connection. A DH key length of 1024 is no longer FIPS compatible.
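One way to confirm the DH key length a domain controller offers before retesting in NetWitness, as an added example that is not RSA's or Microsoft's code. It assumes the `openssl` command-line tool is available and that the AD instance listens for LDAPS on port 636; the function names and the sample handshake output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the ephemeral DH key size a server offers over TLS.
# MIN_DH_BITS mirrors the 2048 minimum stated in this article.
MIN_DH_BITS=2048

# Read `openssl s_client` output on stdin and print the bit length from the
# "Server Temp Key: DH, N bits" line. Prints nothing for ECDH or no key.
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*$/\1/p' | head -n 1
}

# Read s_client output on stdin and print a verdict:
#   OK <bits>         DH key meets the minimum            (returns 0)
#   TOO_SMALL <bits>  DH key is below the minimum         (returns 1)
#   NO_DH             no finite-field DH key was offered  (returns 2)
classify_dh() {
    bits=$(dh_bits)
    if [ -z "$bits" ]; then
        echo "NO_DH"
        return 2
    fi
    if [ "$bits" -ge "$MIN_DH_BITS" ]; then
        echo "OK $bits"
        return 0
    fi
    echo "TOO_SMALL $bits"
    return 1
}

# Live check: offer only DHE suites over TLS 1.2 so the server has to show
# its DH parameters. Port 636 is an assumption (the usual LDAPS port).
check_ldaps() {
    host=$1
    port=${2:-636}
    openssl s_client -connect "$host:$port" -tls1_2 -cipher 'DHE' \
        </dev/null 2>/dev/null | classify_dh
}

# Constructed sample of s_client output, for trying the parser offline.
# $1 is the text after "Server Temp Key: ".
sample_s_client() {
    printf 'CONNECTED(00000003)\n---\nServer Temp Key: %s\n---\n' "$1"
}

# Usage: sh check_dh.sh dc01.example.com [port]   (hostname is a placeholder)
if [ "$#" -ge 1 ]; then
    check_ldaps "$@"
fi
```

A `NO_DH` result means the server did not complete a DHE handshake with this client, so the check says nothing about its DH key length.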
The following reference from Microsoft describes where to configure the DH key length. The advisory configures a 1024 DH key, whereas we suggest 2048: