schannel errors when making ssl conn. from asp.net app to ldap ser


From: Clark Laughlin (ClarkLaughlin_at_discussions.microsoft.com)
Date: 10/21/04


Date: Thu, 21 Oct 2004 07:23:06 -0700

I am trying to establish an SSL connection to our company's LDAP server from
an ASP.NET application running on Windows 2003 Server and I am getting the
following set of event log errors:

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36870
Date: 10/21/2004
Time: 8:36:21 AM
User: N/A
Computer: R1E3S1-BL40P
Description:
A fatal error occurred when attempting to access the SSL client credential
private key. The error code returned from the cryptographic module is
0x80090304.
 
Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36875
Date: 10/21/2004
Time: 8:36:21 AM
User: N/A
Computer: R1E3S1-BL40P
Description:
The remote server has requested SSL client authentication, but no suitable
client certificate could be found. An anonymous connection will be attempted.
This SSL connection request may succeed or fail, depending on the server's
policy settings.
 
Event Type: Information
Event Source: Schannel
Event Category: None
Event ID: 36880
Date: 10/21/2004
Time: 8:36:21 AM
User: N/A
Computer: R1E3S1-BL40P
Description:
An SSL client handshake completed successfully. The negotiated cryptographic
parameters are as follows.
   Protocol: TLS (SSL 3.1)
   Cipher: RC4
   Cipher strength: 128
   MAC: MD5
   Exchange: RSA
   Exchange strength: 1024

All of this works fine from a Windows 2000 Server, so I am trying to figure
out if there is some difference between the 2, or if there is an extra
configuration step needed under 2003. On both systems, I have our corporate
root certificate installed as a Trusted Root Certificate, and a server
certificate installed for IIS.

If anyone has a suggestion of what to try, I would greatly appreciate it.

Thank you,
Clark Laughlin


