Re: ADAM with SSL



Something else is wrong for me. I've got the permissions right on the
private key file and Schannel debugging enabled. Schannel gives me this
warning:

(38672)
No suitable default server credential exists on this system. This will
prevent server applications that expect to make use of the system default
credentials from accepting SSL connections. An example of such an
application is the directory server. Applications that manage their own
credentials, such as the internet information server, are not affected by
this.

ADAM tells me this:
(1220)

LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
because the server was unable to obtain a certificate.

Additional Data
Error value:
8009030e No credentials are available in the security package

IIS has no problems at all with the cert. I can't figure out what 8009030e
is really telling me here.

I've got the cert installed in the local machine store as I want to use it
with IIS as well and when I initially tried to put it in the ADAM service
account store (network service in my case), ADAM didn't seem to be finding
it at all.

I had this working fine on my last XP install and didn't do anything
remarkably different. Grrr!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message
news:OeOEUWPXHHA.1636@xxxxxxxxxxxxxxxxxxxxxxx
Hi

if the notes

http://groups.google.co.uk/group/microsoft.public.windows.server.active_directory/msg/6a89876d200518cf?hl=en

do not help.

Do you get any more detail from Schannel debugging? That should point out
lack of private key access issues if that's the problem. I usually set
access on the key file, run up an MMC with the certificates snap-in for
both local computer and ADAM service account and cut the cert from local
computer and paste into ADAM service account store then restart the ADAM
instance.

Lee Flight

"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23HtDN5OXHHA.896@xxxxxxxxxxxxxxxxxxxxxxx
I have this exact problem on my local ADAM instance on my XP workstation
right now and I can't seem to fix it. This is very frustrating for me as
I've recently configured SSL on a few other ADAM servers with absolutely
no problems at all. Compounding the issue is that I'm not exactly sure
what that error from the crypto API is actually trying to tell me. :)

For you, I'd start by making sure that your ADAM service account
(possibly Network Service, but who knows how you actually set it up) has
read access to the private key file. Using WinHTTPCertCfg.exe (free
download from MS) is the generally preferred way of doing this.

If that doesn't work, I don't know what to tell you. :( Please tell me
if you find out.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"MichaelB" <MichaelB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AF17700A-36FC-4DF7-883C-6FF7B38BB219@xxxxxxxxxxxxxxxx
Hi all,

I just set up an ADAM on a standalone server. Everything works fine and I
can use it to the full extent. Now, as for using SSL, it does not want to
work at all. I got a certificate from my CA and assigned it to the server
and the service. I keep on getting the error:

LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
because the server was unable to obtain a certificate.

Additional Data
Error value:
8009030e No credentials are available in the security package


Anyone have a clue on what I can do or what the problem is?

Thank you,

Mike
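
The private-key access check discussed in this thread, as an added PowerShell example that is not from any of the posters. It assumes Windows PowerShell 5.1 on a system that has %ProgramData%, CSP-backed RSA keys in the default MachineKeys folder, and Network Service as the ADAM service account; the parameter name and the status strings are illustrative.

```powershell
# Added example: does the ADAM service account have read access to the private
# keys of the certificates in the local machine store?
# Assumptions: run elevated, CSP-backed RSA keys, default MachineKeys location,
# Network Service as the service account (override with -ServiceAccount).
param(
    [string]$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'
)

$keyDir = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
$read   = [System.Security.AccessControl.FileSystemRights]::Read

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert   = $_
    $result = [ordered]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        KeyFile    = $null
        Status     = 'no private key'
    }
    if ($cert.HasPrivateKey) {
        try {
            # UniqueKeyContainerName is the key's file name under MachineKeys.
            $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            $path = Join-Path $keyDir $name
            $result.KeyFile = $path
            if (-not (Test-Path -LiteralPath $path)) {
                $result.Status = 'key file not found'
            } else {
                # Only ACEs that name the account directly are checked; access
                # granted through a group is reported as missing here.
                $aces = (Get-Acl -LiteralPath $path).Access | Where-Object {
                    $_.IdentityReference.Value -eq $ServiceAccount -and
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $read) -eq $read
                }
                $result.Status = if ($aces) { 'read access granted' } else { 'NO read ACE for service account' }
            }
        } catch {
            # CNG keys and containers the caller cannot open end up here.
            $result.Status = "cannot open key: $($_.Exception.Message)"
        }
    }
    [pscustomobject]$result
} | Format-List
```

A certificate reported with no private key or no read ACE for the service account matches the access problem the replies suggest ruling out first.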





