Contains Resolution: |
We configured our 2003 Domain Controllers for Secure LDAP over SSL using an Enterprise CA and publishing the Kerberos Authentication template. The Domain Controllers successfully auto-enrolled with the Kerberos Certificates, but LDAPS still did not work. This is the only error we could find in the Event Logs to go on. This Microsoft KB gives some information on the event, but doesn't provide any help in diagnosing the source of the event: http://support.microsoft.com/kb/261196

Attempts to connect to the DC over LDAPS with LDP.exe result in the following:

    ld = ldap_sslinit("my.fqdn.com", 636, 1);
    Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
    Error 81 = ldap_connect(hLdap, NULL);
    Server error: <empty>
    Error <0x51>: Fail to connect to my.fqdn.com.

Microsoft Premier Support confirmed this to be a bug in the way Windows 2008 SP1 CA Servers issue Certificates for the Kerberos Authentication template. The fix is to apply SP2 to the Certificate Servers or upgrade the Certificate Servers to Windows 2008 R2. We elected to upgrade to Windows 2008 R2, which did resolve the issue.