Re: LDAPS
- From: ODG <ODG@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 9 Nov 2006 05:14:02 -0800
I'm running ldp.exe on the domain controller itself.
The certificate is installed from a trusted server (Microsoft cert server)
that has a root certificate installed on all clients in AD via group policy.
The certificate on the domain controller is a "server authentication"
certificate instaled in the local store. THE CRL is in the trusted root store
(is this incorrect)?
How do i ensure that the CRL is available?
There are no secure channel errors in the event logs.
Sorry for some of the return questions but I'm quite new to certificate
services.
Thanks,
ODG
"Joe Kaplan" wrote:
Look for errors from schannel in the System event log on the client machine.
that cannot connect. It usually tells what the problem is.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"jx" <mc@xxxxxxxxxxx> wrote in message
news:eMBhFA1AHHA.1196@xxxxxxxxxxxxxxxxxxxxxxx
Well, there are couple of thing to look at. First does the client trust
the CA that issued the cert? Meaning that have published the CTL of the CA
(atleast on the DCs etc)? Secondly, is the CA CRL available for the
clients to access. Third, is the certificate you issued matches the
requirement for LDAPS? Can you verify that the certificate and CTL are
installed on the DCs local cert store?
HTH
"ODG" <ODG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C16FA043-8E4A-4C3F-909B-9F842319B0A3@xxxxxxxxxxxxxxxx
I have been trying to setup LDAPS on my domain controllers to allow an AD
password reset option from a Juniper SSL box to access AD.
I have followed the following article
http://support.microsoft.com/kb/321051
and installed the certificate and used LDP.exe to try to connect to 636
on
the domain controller but only receive the following error:
ld = ldap_sslinit("myserverver.FQDN", 636, 1);
Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
Error <0x51> = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to myserverver.FQDN
I have used netstat -a and can see that the DC is listening on port 636
so
am not sure why it's not allowing me to connect.
I'm sure I'm missing something quite straight forward but cannot see
what.
Any help would be gratefully received.
Thanks,
ODG
- Follow-Ups:
- Re: LDAPS
- From: Joe Kaplan
- Re: LDAPS
- Prev by Date: Re: Move to a new server
- Next by Date: Re: Multiple Time Zones in Windows Server 2003 AD
- Previous by thread: Re: LDAPS
- Next by thread: Re: LDAPS
- Index(es):
Relevant Pages
|
