LDAPS not connecting on 636. 36869

-

hi all,

we're unable connect ldaps port 636 using ldp.exe.

i following error message when attempt connect:

"ld = ldap_sslinit("srv-vdc1", 636, 1);
error 81 = ldap_set_option(hldap, ldap_opt_protocol_version, 3);
error 81 = ldap_connect(hldap, null);
server error: <empty>
error <0x51>: fail connect srv-vdc1."

this instantly throws event id: 36869

"the ssl server credential's certificate not have private key information property attached it. occurs when certificate backed incorrectly , later restored. message can indicate certificate enrollment failure."

all servers mentioned below 2012 r2 latest updates.

the server we're trying configure domain controller (dc1), weirdly our other dc (dc2) works perfectly, identical certificate (apart 'issued to' of-course.)

i requesting certificate our ca server, opposed importing manually.

the certificate in question, in dc1 local computer > personal store. cert has both client , server authentication, within valid from-to dates, , states "you have private key corresponds certificate".

have tried 'certutil -repairstore "serial number"' command no success.

i can confirm can connect standard ldap 389 dc1

any suggestions appreciated.

thanks in advance,

dg

is there certificate on dc1 in adds certificate store? open mmc.exe, add snap-in, select service account , select active directory domain services. in personal/certificates , see if there certificate being chosen on 1 in computer/personal/certificates store.

mark b. cooper, president , founder of pki solutions inc., former microsoft senior engineer , subject matter expert microsoft active directory certificate services (adcs). known “the pki guy” @ microsoft 10 years. connect mark @ http://www.pkisolutions.com



Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering ...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more