Configure Microsoft Active Directory for SSL Access

[Isaivalan]

As my title states everything, I was trying to configure LDAP over SSL using the steps provided at one website but it dint helped. As mentioned over there I also configured a stand-alone CA on the forest root test DC, requested a certificate, issue and then submitted. But still when I run the test using ldp.exe, it gives me an error message which is as follows;

ld = ldap_sslinit("dctest1", 636, 1);
Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
LDAP_VERSION3);
Error <0x51> = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to dctest1.

Can anyone please tell me how to get rid of this error and setup Microsoft Active Directory for SSL Access successfully? Many thanks.

[RaAbi]

Hi Isaivalan, i need few answers before i can suggest you any solution. Can you just tell whether you attempted attempted 389? Or did you 636 without ssl? Did anyone of these worked for you?

Until you answer, let me tell you that the name on the cert must match the connection to the dc. Hence you should not use any Ip Address for the same. You can get more info about this in the Microsoft Article:http://support.microsoft.com/kb/814662

Apart from this, just check if there is anything listed in the Event Viewer. If yes, copy paste the same here.

[Isaivalan]

Thank you very much for the help RaAbi. Yes, I have attempted 389 and it worked. I even attempted 636 without ssl but that dint worked. I ran this test in the forest root DC, also the certificate services is enabled on the forest root DC. I can also see the certificates under mmc > certificate > personal > certificates called dctest1.testdomain.com .

Now as the domain controller is named as dctest1, I used the same name when i ran the test in the field and tried detest1.testdomain.com. And as you asked about the Event Viewer, yes there is a warning message listed which is as follows:

“No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.”

What now?

[Isaivalan]

It seems like i fixed the problem. Yesterday i came across this knowledge base http://support.microsoft.com/kb/321051. I came to know that the problem was with the certificate. SO i simply removed the existing one, and re
generate a new one. Thats it.