Re: LDAP over Secure Sockets Layer (SSL) will be unavailable at this t




I've seen this error previously with ADAM that happened as a result of having a certificate deployed in multiple containers but with only one of them associated with the certificate's private key and that not being a container that the server account had access to. For AD, that seems weird since it should have read access to any key (or file) on the system. It may be that the key for the cert got removed though.

I'd check the Certificates MMC snap-in to see what certs are in the personal container local machine store and see if they have a private key to start.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net

"trnsfrmrsr" <trnsfrmrsr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7DEB4AF8-7E0D-4FA6-BBE7-2AA47BB18027@xxxxxxxxxxxxxxxx
I've got a server 2008 read only domain controller (as well as a server 2008
DC). Running at server 2003 operational level. Recently I've noticed these
errors popping up in the logs.

LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
because the server was unable to obtain a certificate.

Additional Data
Error value:
8009030e No credentials are available in the security package

I've been searching around for a while now and I can't seem to find anything
related to this error and server 2008. Can anyone point me in the correct
direction?

Thanks,

Ryan
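
The check suggested in the reply at the top of this message, written as a script instead of the Certificates snap-in. This is an added example, not part of the original thread. It assumes Windows PowerShell 3.0 or later with .NET Framework 4.6 or later, run from an elevated prompt on the domain controller, and it only attempts to open RSA keys.

```powershell
# Added example (not from the thread): list every certificate in the
# local machine Personal store and report whether its private key is
# merely flagged as present or can actually be opened.
# Assumption: .NET Framework 4.6+ is installed (GetRSAPrivateKey).
$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$now    = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    if (-not $cert.HasPrivateKey) {
        # Certificate is in the store but no key container is linked to it.
        $keyStatus = 'No private key associated'
    }
    else {
        try {
            # HasPrivateKey only says a key container is referenced.
            # Opening the key shows whether it still exists and is readable.
            $key = $rsaExt::GetRSAPrivateKey($cert)
            if ($key) {
                $keyStatus = 'Private key opened'
                $key.Dispose()
            }
            else {
                $keyStatus = 'Associated key is not RSA (not checked here)'
            }
        }
        catch {
            # Typical causes: key file deleted, or no read access to it.
            $keyStatus = 'Key referenced but could not be opened: ' + $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        WithinDates   = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey
        KeyStatus     = $keyStatus
    }
} | Format-List
```

The result reflects the account running the script, so a key that opens for an administrator still has to be readable by the account the directory service runs under.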
