Re: ADAM and Windows Address Book



Thanks for your response. I have added responses to your questions in the
thread below. I hope my answers will help to resolve the situation.

"Dmitri Gavrilov [MSFT]" <dmitrig@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23JYAcrV1GHA.1568@xxxxxxxxxxxxxxxxxxxxxxx
Yeah, I remember something came up with WAB.
Questions:
Which port is your WAB configured to talk to: LDAP or SSL?

I have tried both. They both fail for authenticated access. For SSL I have
a commercial Entrust certificate. (Note that LDP works with either 389 or
636.) We are interested in using SSL and having authenticated access.

Are you trying to bind with Windows credentials or ADAM user credentials?

Windows credentials.

Is "logon using secure password authentication" checkbox on or off?

Most testing with SPA checked. See below for detailed results.

When connecting from domain-joined workstation -- please try to logon as a
local admin (non-domain user), and check if it still works.

I've tried from a local admin account on the ADAM server. The event log
shows a failed attempt with the local credentials even though Windows domain
credentials were configured into the WAB. Without the SPA checked, the
message is "The specified directory service has denied access. Check the
properties for this directory service and verify that your Authentication
Type settings and parameters are correct." When I checked the box for SPA,
the message changed to "There are no entries in the directory that match
your search criteria." I checked with LDP and the elements I am searching for
are there.

I changed to an administrator account in the domain on the ADAM server and
the same searches obtain the following results. With SPA checked, the
searches succeed. Without SPA checked, the message "The specified
directory..." reappears. This is with both port 389 and 636.


--
Dmitri Gavrilov
SDE, Active Directory team

This posting is provided "AS IS" with no warranties, and confers no
rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Rich Raffenetti" <raffenetti@xxxxxxxxxxx> wrote in message
news:eGVZUP00GHA.2636@xxxxxxxxxxxxxxxxxxxxxxx
I have implemented a domain-based ADAM and have the following problem
accessing it from Windows Address Book in only certain circumstances. I
am doing all of these tests with SSL (port 636). The SSL cert is from a
commercial CA (Entrust) and the root certificate is found in all Windows
systems - as long as they update Root Certificates.

WAB accesses ADAM from a client XP Pro workstation in the domain just
fine.

However, WAB does NOT access the same ADAM from a client XP Pro
workstation that is not in the domain.

LDP connects and binds to the same ADAM fine from the same workstations,
whether or not the XP Pro client workstation is in the domain. The LDP
experiments were also with SSL to port 636.

I found a thread on this issue from May 2006. There was no solution nor
was there any confirmation of this problem. I find the same behavior as
was reported then.

I get the same result when I use port 389 (no SSL).

This seems to be a WAB issue. Any ideas?




