Re: LDAPS
Well, there are a couple of things to look at. First, does the client trust the
CA that issued the cert? Meaning, have you published the CTL of the CA
(at least on the DCs etc.)? Secondly, is the CA CRL available for the clients
to access? Third, does the certificate you issued match the requirements for
LDAPS? Can you verify that the certificate and CTL are installed in the DC's
local cert store?
HTH

"ODG" <ODG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C16FA043-8E4A-4C3F-909B-9F842319B0A3@xxxxxxxxxxxxxxxx
I have been trying to set up LDAPS on my domain controllers to allow an AD
password reset option from a Juniper SSL box to access AD.

I have followed the following article
http://support.microsoft.com/kb/321051
and installed the certificate and used LDP.exe to try to connect to 636 on
the domain controller but only receive the following error:

ld = ldap_sslinit("myserverver.FQDN", 636, 1);
Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
Error <0x51> = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to myserverver.FQDN

I have used netstat -a and can see that the DC is listening on port 636 so
am not sure why it's not allowing me to connect.

I'm sure I'm missing something quite straight forward but cannot see what.

Any help would be gratefully received.

Thanks,

ODG
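The checklist in the reply above (cert with private key in the DC's own store, Server Authentication EKU, DC FQDN on the cert, trusted issuing CA, reachable CRL) can be walked through with the script below. It is an added example, not part of the thread or of KB 321051; it assumes it is run in an elevated PowerShell on the DC, and $DcFqdn and $ServerAuthOid are names chosen here.

```powershell
# Added example: verify the LDAPS prerequisites on a domain controller.
# Assumes it runs elevated on the DC itself; $DcFqdn defaults to this host.
param([string]$DcFqdn = [System.Net.Dns]::GetHostEntry('localhost').HostName)
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# 1. Candidate certs in the local computer's Personal store: private key,
#    Server Authentication EKU, and the DC FQDN in the SAN or subject CN.
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList | Where-Object ObjectId -eq $ServerAuthOid) -and
    ($_.DnsNameList.Unicode -contains $DcFqdn -or $_.Subject -like "*CN=$DcFqdn*")
}
if (-not $candidates) {
    Write-Warning "No cert in LocalMachine\My with a private key, Server Authentication EKU and name $DcFqdn"
    return
}

foreach ($cert in $candidates) {
    Write-Host "Candidate: $($cert.Subject) thumbprint $($cert.Thumbprint) expires $($cert.NotAfter)"

    # 2. Build the chain with online revocation checking. This fails when the
    #    issuing CA is not trusted by this machine or its CRL cannot be fetched,
    #    and ChainStatus says which of the two it was.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chain.ChainPolicy.ApplicationPolicy.Add((New-Object System.Security.Cryptography.Oid $ServerAuthOid)) | Out-Null
    if ($chain.Build($cert)) {
        Write-Host "  Chain OK: issuer trusted and CRL reachable"
    } else {
        foreach ($s in $chain.ChainStatus) { Write-Warning "  $($s.Status): $($s.StatusInformation)" }
    }
}

# 3. Attempt the TLS handshake on 636 the way a client such as ldp.exe does;
#    a failure here is reported with the reason instead of a bare 0x51.
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($DcFqdn, 636)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($DcFqdn)
    Write-Host "TLS handshake on 636 OK: $($ssl.RemoteCertificate.Subject) via $($ssl.SslProtocol)"
} catch {
    Write-Warning "TLS handshake on 636 failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Dispose() }
}
```

Run it once on the DC and once from the client side (step 3 only) to separate a server-store problem from a client-trust or CRL-reachability problem.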