Re: LDAPS connection error on 636



Is the cert installed in the personal store for the current user or the
computer account? It needs to be in the computer account. Additionally,
the certificates MMC should tell you that there is a private key associated
with the certificate. Also, the subject name on the certificate must match
the DNS name of the DC.

Are all of these things in place correctly?

There may be additional error or info messages in the Directory Service
event log as well.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Shon Miles" <ShonMiles@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CE11A57B-5FB0-4396-9A98-5C5B5D5D24CA@xxxxxxxxxxxxxxxx
I did see this error
--------------------------------------
Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36872
Date: 4/13/2007
Time: 8:33:10 AM
User: N/A
Computer: ANDC03
Description:
No suitable default server credential exists on this system. This will
prevent server applications that expect to make use of the system default
credentials from accepting SSL connections. An example of such an
application is the directory server. Applications that manage their own
credentials, such as the internet information server, are not affected by
this.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
--------------------------------------
The cert is issued from VeriSign and I installed per the directions of the
KB I listed below. The cert is in the personal folder and I am running
ldp.exe from the DC it is installed on for testing.


"Joe Kaplan" wrote:

Do you see an error from schannel in the System event log that
corresponds to the failure on either the client or the DC? Generally, SSL
problems will be related to either the server having problems using the
certificate you issued or the client won't trust the certificate for some
reason.

On the server side, sometimes the server does not have the private key
for the cert installed correctly or the cert is in the wrong store. Also,
depending on who issued the certificate, the server may not trust it.

If the server is able to process the certificate correctly, then on the
client side, the issue is usually either that the client does not trust
the server's cert because its issuer doesn't chain to a trusted root on
the client machine or the DNS name of the cert does not match the DNS name
used to connect to the server.

Usually, an error from schannel in the System event log will give you
details regarding the exact nature of the problem.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Shon Miles" <ShonMiles@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:95AB5BA1-5DB5-40ED-965F-A8631D1721EA@xxxxxxxxxxxxxxxx
I just followed this article,
http://support.microsoft.com/default.aspx/kb/321051, and I have the cert
back and installed and rebooted but when I do the connection attempt I get
this message:

ld = ldap_open("ourDCname here", 636);
Error <0x51>: Fail to connect to ourDCname here.

Any ideas?
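
The server-side checks discussed in this thread (certificate in the computer account's personal store, private key present, subject name matching the DC's DNS name, chain trusted by the server), as an added PowerShell example that is not part of the original posts. `Get-LdapsCertCandidate` is a hypothetical helper name, and the default FQDN is an assumption built from the local host name and primary DNS domain.

```powershell
# Added example, not from the thread. Run in an elevated session on the DC.
# Get-LdapsCertCandidate is a hypothetical helper name.
function Get-LdapsCertCandidate {
    param(
        # Assumption: the DC's FQDN is the local host name plus the primary DNS domain.
        [string]$DcFqdn = ('{0}.{1}' -f
            [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().HostName,
            [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName)
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]

    # Inspect both personal stores so a certificate that was imported under the
    # user account instead of the computer account shows up as misplaced.
    foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
        foreach ($cert in Get-ChildItem -Path $store) {
            # Subject CN, plus the first DNS subject alternative name if present.
            $names = @(
                $cert.GetNameInfo($nameType::SimpleName, $false)
                $cert.GetNameInfo($nameType::DnsName, $false)
            ) | Where-Object { $_ } | Select-Object -Unique

            [pscustomobject]@{
                Store           = $store
                Thumbprint      = $cert.Thumbprint
                Names           = $names -join ', '
                InComputerStore = $store -like 'Cert:\LocalMachine\*'
                HasPrivateKey   = $cert.HasPrivateKey
                # Exact, case-insensitive match only; wildcard names are not expanded.
                NameMatchesDc   = [bool]($names | Where-Object { $_ -ieq $DcFqdn })
                # Builds the chain with the default policy on this machine.
                ChainTrusted    = $cert.Verify()
            }
        }
    }
}

Get-LdapsCertCandidate | Format-Table -AutoSize
```

A certificate that the directory server can use should show `True` in all four boolean columns; one listed only under `Cert:\CurrentUser\My` is in the wrong store.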
