Re: Cannot make SSL work with ADAM


From: Lee Flight (lef_at_le.ac.uk-nospam)
Date: 10/06/04


Date: Wed, 6 Oct 2004 19:58:33 +0100

That seems like it should work to me, although I have never tried
it with a service account as a local account; I use Network Service.
I would doubt that is the problem. I might try a repro if I get a chance.

Are you sure that you have the correct SSL port? You can check by
running the ADAM Tools Command Prompt and typing

 dsdbutil "list instances" quit

Other than that I can only suggest bumping the debugging level on
schannel:

http://support.microsoft.com/default.aspx?scid=kb;en-us;260729

and then attempting the ldp connection using the ADAM version
of ldp.exe running on the W2003 server holding the ADAM instance.
Then check the System event log to see if anything shows up and
whether you are getting event id 1220 in the ADAM instance event
log at the same time.

Lee Flight

"Dev" <Dev@discussions.microsoft.com> wrote in message
news:892FBAA3-B2A8-4602-9A9F-20573B69E03A@microsoft.com...
> Hi Lee...
>
> I just repeated all the steps with the selfSSL certificate. I exported the
> cert from the computer store and imported into the service account store.
> The certification path is showing up as valid. Again, I'm able to connect to
> IIS using SSL with the new cert, but not through ldp.
>
> I have given all permissions for the service account to the key (not the
> folder).
> The common name on the cert and the name I use to connect through ldp are
> the same.
>
> Dev
>
> "Lee Flight" wrote:
>
>> Inline below...
>> "Dev" <Dev@discussions.microsoft.com> wrote in message
>> news:6E532F49-171A-4554-939E-4803CA510E93@microsoft.com...
>> > Thanks for the prompt reply, Lee.
>> > I have done the following so far on the Win 2003 server.
>> > 1) Am using a local computer user "adamserviceUser" as the service account
>> > 2) Got a test free cert from Thawte
>> > 3) Installed the cert in the computer store as well as the service
>> > account store
>> > 4) For safety I also imported the cert into the trusted root
>> > certificates.
>>
>> After step (4) if you open the certificate in the ADAM instance
>> personal store is the certification path then shown as valid?
>>
>> If the cert works for SSL I assume it is then marked for server
>> authentication?
>>
>> The only other things I can think of are:
>>
>> What common name is the certificate issued to, and are you using
>> that name when you attempt to connect?
>>
>> You definitely gave the service account permission for the correct
>> individual key (not the folder it resides in)?
>>
>> When you use ldp.exe to test the connection, are you specifying the
>> correct ADAM instance SSL port and checking the SSL check box?
>>
>> I have used Windows Enterprise CA issued certs and self-signed certs
>> (from the SelfSSL utility in the IIS 6.0 Resource Kit) for this in
>> production
>> and test environments.
>>
>> Hope this helps
>> Lee Flight
>>
>>
>>

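Added here as an example, not part of the thread: a PowerShell diagnostic that walks through the checks Lee lists above in one pass. It opens a TLS session to the ADAM SSL port, reports the certificate the instance actually serves, tests whether its CN matches the name used to connect and whether it carries the Server Authentication EKU, builds the certification path, and then pulls any Schannel events from the System log plus event 1220 from the ADAM instance log. The host name, port and instance name are assumed placeholders; confirm the port with `dsdbutil "list instances"` as described above.

```powershell
# Example diagnostic, not from the original post. Assumed placeholder values:
param(
    [string]$AdamHost     = 'adamserver.example.local',   # name you type into ldp
    [int]   $AdamSslPort  = 636,                          # verify with dsdbutil "list instances"
    [string]$InstanceName = 'instance1'                   # ADAM instance name
)
$started = Get-Date
$client  = $null
try {
    $client = New-Object System.Net.Sockets.TcpClient($AdamHost, $AdamSslPort)
    # Accept whatever is presented so we can inspect it; the chain is validated
    # separately below. This is a diagnostic, not a production trust decision.
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($AdamHost)   # throws if schannel cannot complete the handshake
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "Served certificate : $($cert.Subject)"

    # Does the name in the cert match the name you connect with?
    $dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    "Name matches host  : $($dnsName -ieq $AdamHost)  ($dnsName)"

    # Is the cert marked for Server Authentication (EKU OID 1.3.6.1.5.5.7.3.1)?
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $serverAuth = $false
    if ($eku) { $serverAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }) }
    "Server Auth EKU    : $serverAuth"

    # Is the certification path valid from this machine's point of view?
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    "Chain builds       : $($chain.Build($cert))"
    $chain.ChainStatus | ForEach-Object { "  chain status     : $($_.Status) $($_.StatusInformation)" }
}
catch {
    "TLS connection failed: $($_.Exception.Message)"
}
finally {
    if ($client) { $client.Close() }
}

# Schannel events in the System log, and event 1220 in the ADAM instance log,
# raised since this probe started (requires schannel logging to be enabled as above).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; StartTime = $started } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
Get-WinEvent -FilterHashtable @{ LogName = "ADAM ($InstanceName)"; Id = 1220; StartTime = $started } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
```

Run it on the W2003 server holding the instance, in the same session you enabled schannel logging in, so the event queries see the same logs ldp.exe would write to.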

