Re: Configure Microsoft Active Directory for SSL Access
- From: Mr555 <Mr555@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Nov 2008 11:35:01 -0800
Hi Paul,
Thank you so much for your reply.
I have attempted 389; it works, but it doesn't work with 636, even without SSL.
I performed this test within the forest root DC. Certificate Services is
enabled on the forest root DC and the certificate is installed; I can see the
certificates under mmc > certificate > personal > certificates, called
dctest1.testdomain.com.
The name of the domain controller is dctest1, so when I ran the test,
in the field I specified the name of the server, dctest1, and also tried
detest1.testdomain.com
port 636
In the event log I get the warning:
No suitable default server credential exists on this system. This will
prevent server applications that expect to make use of the system default
credentials from accepting SSL connections. An example of such an application
is the directory server. Applications that manage their own credentials, such
as the internet information server, are not affected by this.
Thank you
Mr555
"Paul Bergson [MVP-DS]" wrote:
Hello Mr555,
Have you attempted 389? Did it work?
Have you attempted 636 without ssl?
The name on the cert needs to match the connection to the dc (So don't use
an IP Address) so verify this.
http://support.microsoft.com/kb/814662
Have you checked the Event Log on the client to see if there is an error
that might be of more help?
I don't know what the specific error is, nor do I know what service-now is,
but I wouldn't trust the wiki you pointed to. It appears to be written by
a vendor for their product. Very disappointing that it was approved by wiki;
I thought there was a certain approval process.
See if this KB article is of more assistance:
http://support.microsoft.com/kb/321051
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup. This posting
is provided "AS IS" with no warranties, and confers no rights.
Hello everyone, I am trying to set up LDAP over SSL without any luck. I
have followed the article below.
http://wiki.service-now.com/index.php?title=Configure_Microsoft_Active_Directory_for_SSL_Access
I have configured a stand-alone CA on the forest root test DC,
requested a certificate, issued and then submitted.
When I come to test using ldp.exe, I receive the following error.
ld = ldap_sslinit("dctest1", 636, 1);
Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
Error <0x51> = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to dctest1.
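
The name-match advice and the "No suitable default server credential" warning in this thread both depend on what sits in the DC's Local Computer Personal store. As an added example (not part of the original thread), this PowerShell script, run elevated on the DC, checks each certificate there against the LDAPS requirements in KB 321051: private key present, Server Authentication EKU, and a name equal to the one clients connect with. The function name `Test-LdapsCertificate` and the default `$Fqdn` (taken from the thread) are assumptions.

```powershell
# Added example (not from the thread): checks each certificate in the Local
# Computer "Personal" store against what the DC needs to serve LDAPS.
# $Fqdn defaults to the name used in the thread; change it for your DC.
param([string]$Fqdn = 'dctest1.testdomain.com')

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Name
    )
    # EKU OIDs carried by the certificate (empty if the extension is absent).
    $ekuOids = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # DnsNameList is a property PowerShell adds to certificate objects
    # (Windows PowerShell 4.0 and later); it holds the subject CN and SAN DNS names.
    $names = @($Cert.DnsNameList | ForEach-Object { $_.Unicode })

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        # Without the private key Schannel cannot use the certificate as a
        # server credential, even though it is listed in the store.
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEku = $ekuOids -contains $ServerAuthOid
        # Exact, case-insensitive comparison; a short name such as "dctest1"
        # matches only if the certificate actually carries that name.
        NameMatches   = $names -contains $Name
        InValidity    = ($Cert.NotBefore -le $now) -and ($now -le $Cert.NotAfter)
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-LdapsCertificate -Cert $_ -Name $Fqdn } |
    Format-Table -AutoSize
```

A certificate the DC can present on port 636 shows True in every column; the script does not check whether the issuing CA is trusted by the DC and the client, which KB 321051 also requires.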