Integration issue with Oracle Virtual Directory(OVD) over SSL

    Question

  • Hi,

    Customer set up an Oracle Virtual Directory (OVD) service as the LDAP service; by default, they configured 6501 as the non-SSL port and 7501 as the SSL port on the OVD server machine. For security reasons, they have to implement LDAP over SSL, so they generated a self-signed certificate on the OVD server machine, and they also followed the MS instructions to set the subject's CN field to the fully qualified host name, such as computername.<fully qualified domain name>

    https://support.microsoft.com/en-us/kb/321051

    and then on a client Windows machine, they imported the certificate into both Personal and Trusted Root Certification Authorities.

    When they verified LDAP over SSL with ldp.exe, they encountered the following errors in the Windows event log with Schannel logging enabled.


    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36884</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2016-12-01T09:07:40.293626700Z" />
        <EventRecordID>21312</EventRecordID>
        <Correlation />
        <Execution ProcessID="584" ThreadID="608" />
        <Channel>System</Channel>
        <Computer>UKWVADAPP878.gdc-dev.net</Computer>
        <Security UserID="S-1-5-21-377595347-1756042949-1848999526-22831" />
      </System>
      <UserData>
        <EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="LSA_NS">
          <Name>computername.<fully qualified domain name></Name>
        </EventXML>
      </UserData>
    </Event>

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
        <EventID>36888</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2016-12-01T09:07:40.293626700Z" />
        <EventRecordID>21311</EventRecordID>
        <Correlation />
        <Execution ProcessID="584" ThreadID="608" />
        <Channel>System</Channel>
        <Computer>UKWVADAPP878.gdc-dev.net</Computer>
        <Security UserID="S-1-5-21-377595347-1756042949-1848999526-22831" />
      </System>
      <EventData>
        <Data Name="AlertDesc">43</Data>
        <Data Name="ErrorState">552</Data>
      </EventData>
    </Event>

    One finding is that UKWVADAPP878.gdc-dev.net contains a different domain name from the server's domain uk.standardchartered.com.

    Can you advise me accordingly?

    Thanks

    Sprint

    Friday, December 2, 2016 2:55 AM
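    As an added diagnostic that is not part of the original thread: Schannel event 36884 means the name the client connected with was not found in the server certificate, so the check worth scripting is "does this certificate cover this host name?" (SAN dNSName entries first, subject CN only if there is no SAN). The Python below does that comparison on a certificate in the dict layout `ssl.getpeercert()` returns and can also pull the live certificate from the OVD SSL port 7501; the live fetch assumes the third-party `cryptography` package.

```python
import socket
import ssl

LDAPS_PORT = 7501  # the OVD SSL port from the post


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one certificate DNS name with the connected
    host name: case-insensitive, and '*' may only stand for the whole leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split(".")[1:], hostname.split(".")
    return len(h_labels) == len(p_labels) + 1 and h_labels[1:] == p_labels


def cert_dns_names(cert: dict) -> list:
    """Names a certificate is valid for, using the dict layout of ssl.getpeercert().
    SAN dNSName entries take precedence; the subject CN counts only without a SAN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_covered(cert: dict, hostname: str) -> bool:
    """True when the name the client connects with is covered by the certificate.
    A False here is the condition Schannel reports as event 36884 (name mismatch)."""
    return any(dns_name_matches(n, hostname) for n in cert_dns_names(cert))


def fetch_server_cert(hostname: str, port: int = LDAPS_PORT, timeout: float = 5.0) -> dict:
    """Retrieve the certificate an LDAPS server presents (without trusting it) and
    convert it to the same dict layout. Assumption: 'cryptography' is installed."""
    from cryptography import x509  # third-party package, imported lazily
    from cryptography.x509.oid import ExtensionOID, NameOID
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # inspect the presented cert instead of rejecting it
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
    cert = x509.load_der_x509_certificate(der)
    cn = [(("commonName", a.value),) for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)]
    try:
        san = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME).value
        alt = [("DNS", n) for n in san.get_values_for_type(x509.DNSName)]
    except x509.ExtensionNotFound:
        alt = []
    return {"subject": tuple(cn), "subjectAltName": tuple(alt)}
```

    Run `hostname_covered(fetch_server_cert(host), host)` with the exact host name ldp.exe is given; a certificate whose only name is the machine's gdc-dev.net FQDN will not cover a connection made to a uk.standardchartered.com name.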

All replies

  • Hi,

    Please help to check the binding settings under ldp.exe:

    See here:

    Best regards,

    Andy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 5, 2016 7:54 AM
    Moderator