Re: LDAPS

Look for errors from schannel in the System event log on the client machine
that cannot connect. It usually tells what the problem is.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"jx" <mc@xxxxxxxxxxx> wrote in message
news:eMBhFA1AHHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Well, there are a couple of things to look at. First, does the client trust
the CA that issued the cert? Meaning, have you published the CTL of the CA
(at least on the DCs etc.)? Secondly, is the CA CRL available for the
clients to access? Third, does the certificate you issued match the
requirements for LDAPS? Can you verify that the certificate and CTL are
installed in the DCs' local cert store?
HTH

"ODG" <ODG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C16FA043-8E4A-4C3F-909B-9F842319B0A3@xxxxxxxxxxxxxxxx
I have been trying to setup LDAPS on my domain controllers to allow an AD
password reset option from a Juniper SSL box to access AD.

I have followed the following article
http://support.microsoft.com/kb/321051
and installed the certificate and used LDP.exe to try to connect to 636 on
the domain controller but only receive the following error:

ld = ldap_sslinit("myserverver.FQDN", 636, 1);
Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
Error <0x51> = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to myserverver.FQDN

I have used netstat -a and can see that the DC is listening on port 636 so
am not sure why it's not allowing me to connect.

I'm sure I'm missing something quite straight forward but cannot see what.

Any help would be gratefully received.

Thanks,

ODG
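The checks jx lists (CA trust, CRL reachability, a certificate that meets the LDAPS requirements in the DC's local store) and Joe's Schannel tip, as an added PowerShell diagnostic. This is not code from any of the posts above or from KB 321051; it is an editor's example. It assumes a placeholder DC name, dc01.corp.example, that the store check runs on the DC in an elevated shell, that the event and handshake checks run on the client that fails, and a Windows version with Get-WinEvent (Vista/2008 or later). The handshake function deliberately accepts whatever certificate the DC presents so it can report the chain, name or revocation verdict that LDP hides behind its generic 0x51 (LDAP_SERVER_DOWN); it is for diagnosis only, never for a real connection.

```powershell
# Added diagnostic for the LDAPS thread above. Not from any of the posts or from KB 321051.
# Assumptions: 'dc01.corp.example' is a placeholder for the DC's FQDN; run Test-LdapsCertificate
# on the DC in an elevated shell, and the other two checks on the client that cannot connect.
param([string]$DcFqdn = 'dc01.corp.example')

# Joe's tip: Schannel writes an Error event to the System log for every failed handshake; the
# message text names the failing step (untrusted issuer, name mismatch, revocation failure).
function Get-SchannelErrors {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Schannel'; Level = 2   # Level 2 = Error
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# jx's third point: the DC selects its LDAPS certificate from LocalMachine\My. A usable candidate
# has a private key, the Server Authentication EKU, a subject CN or SAN entry matching the DC's
# FQDN, and has not expired. Report every certificate in the store against those rules.
function Test-LdapsCertificate {
    param([string]$Fqdn)
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $c = $_
        $ekuExt = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }   # Enhanced Key Usage
        $hasServerAuth = [bool]($ekuExt -and ($ekuExt.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $serverAuthOid }))
        $sanExt = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alt Name
        $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
        $nameOk = ($c.Subject -match "CN=$([regex]::Escape($Fqdn))") -or
                  ($sanText -match [regex]::Escape($Fqdn))
        [pscustomobject]@{
            Thumbprint    = $c.Thumbprint
            Subject       = $c.Subject
            HasPrivateKey = $c.HasPrivateKey
            ServerAuthEku = $hasServerAuth
            NameMatchesDc = $nameOk
            NotAfter      = $c.NotAfter
            Eligible      = $c.HasPrivateKey -and $hasServerAuth -and $nameOk -and
                            ($c.NotAfter -gt (Get-Date))
        }
    }
}

# jx's first two points, seen from the client: run the TLS handshake against port 636 and keep
# the certificate whether or not it validates, so the chain/name verdict can be printed instead
# of LDP's generic 0x51. The callback returns $true for any certificate: diagnostic use only.
function Test-LdapsHandshake {
    param([string]$Fqdn, [int]$Port = 636)
    $script:LastPolicyErrors = $null
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $cert, $chain, $policyErrors)
        $script:LastPolicyErrors = $policyErrors   # None, RemoteCertificateChainErrors, RemoteCertificateNameMismatch
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Fqdn, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Fqdn)
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        [pscustomobject]@{
            Connected    = $true
            Protocol     = $ssl.SslProtocol
            Subject      = $remote.Subject
            Issuer       = $remote.Issuer
            PolicyErrors = $script:LastPolicyErrors
        }
    } catch {
        # A TCP refusal or a handshake the server aborts lands here; the message is the real reason.
        [pscustomobject]@{ Connected = $false; Error = $_.Exception.Message }
    } finally {
        $tcp.Close()
    }
}

# On the client that fails: recent Schannel errors, then the handshake verdict for the DC.
Get-SchannelErrors | Format-List
Test-LdapsHandshake -Fqdn $DcFqdn | Format-List
# On the DC (elevated): which certificate, if any, qualifies for LDAPS.
Test-LdapsCertificate -Fqdn $DcFqdn | Format-Table -AutoSize
```

Reading the output against the thread: PolicyErrors of RemoteCertificateChainErrors with Connected = $true means the DC does present a certificate but the client does not trust its issuer or cannot reach the CRL (jx's first two points); RemoteCertificateNameMismatch means the certificate's CN/SAN does not match the name you typed into LDP; Connected = $false with a handshake error usually means no Eligible row came back on the DC, which is the case KB 321051 addresses.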