LDAPS Cannot Open Connection Server 2012 and Server 2012 R2

  • Question

  • I'm trying to make an LDAPS connection from the LDP tool to a couple of particular domain controllers in our environment but I keep getting the error "Cannot Open Connection" with the following info:

    0x0 = ldap_unbind(ld);
    ld = ldap_sslinit("dc1.domain.org", 636, 1);
    Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
    Error 81 = ldap_connect(hLdap, NULL);
    Server error: <empty>
    Error <0x51>: Fail to connect to dc1.domain.org.

    I have verified that there is only one certificate for server verification in the personal computer cert store and have tried granting permissions to the Network Service account to the key. SAN checks out with the correct FQDN as well. I have run

    certutil -v verifystore my 0

    and

    certutil -verify -urlfetch

    and both commands reported that it is valid and all checks passed.

    I also noticed that I am able to make successful LDAPS connections to our 2008 R2 domain controllers, and they are using certs from the same template. This issue only occurs on our DCs on 2012 and 2012 R2, so I am wondering if there's an extra step for those OSes that I've neglected to perform. I have confirmed that they are both listening on ports 389 and 636. Let me know if you need any further information. Thanks!


    • Edited by Scott_42 Monday, May 11, 2015 5:42 PM
    Monday, May 11, 2015 5:41 PM

Answers

  • Hello Scott,

    Do you have a valid certificate in Server 2012 based DCs?

    If you do not have one, try to get one on them. Also make sure to check the version number of the certificate template, and make sure they can issue to Windows 8.1/Server 2012 R2 machines.

    Please let me know how it goes.

    Thanks,

    Vasu.

    • Proposed as answer by Frank Shen5 Thursday, May 21, 2015 2:52 AM
    • Marked as answer by Frank Shen5 Wednesday, May 27, 2015 6:15 AM
    Tuesday, May 12, 2015 7:43 AM
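The two checks discussed in this thread, probing the DC from the client side when LDP.exe reports error 81 / 0x51 at ldap_connect, and confirming on the DC that Local Machine\My actually holds a certificate Schannel can use for LDAPS, as an added PowerShell example. This is not code from the thread or from Microsoft; the server name dc1.domain.org is the placeholder from the question, and the function names are made up here. Test-LdapsHandshake does a TCP connect and a TLS handshake only (no LDAP bind), accepts whatever certificate is presented so it can be inspected, and then reports the chain, name and EKU results separately so you can see which one Schannel would reject.

```powershell
# Added example, not from the original thread. Assumes only the .NET Framework classes
# available in Windows PowerShell on Server 2012 / 2012 R2.

# Helper: does the certificate carry the Server Authentication EKU (1.3.6.1.5.5.7.3.1)?
# Without it Schannel will not select the certificate for LDAPS.
function Test-ServerAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    return [bool]($eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }))
}

# Client-side probe: TCP connect + TLS handshake against the DC, then explicit checks.
function Test-LdapsHandshake {
    param(
        [Parameter(Mandatory)][string]$Server,   # e.g. 'dc1.domain.org' (placeholder name from the question)
        [int]$Port = 636
    )
    $r = [ordered]@{ Server = $Server; Port = $Port; TcpOpen = $false; TlsOk = $false; Protocol = $null
                     Subject = $null; Issuer = $null; NotAfter = $null; NameMatch = $false
                     ServerAuthEku = $false; ChainOk = $false; ChainStatus = @(); Error = $null }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($Server, $Port)
        $r.TcpOpen = $true

        # Permissive validation callback: we want the certificate even if it would fail policy,
        # because the whole point is to see why. Chain, name and EKU are checked below instead.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($Server)
        $r.TlsOk = $true
        $r.Protocol = $ssl.SslProtocol

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Subject = $cert.Subject
        $r.Issuer = $cert.Issuer
        $r.NotAfter = $cert.NotAfter
        $r.ServerAuthEku = Test-ServerAuthEku -Cert $cert

        # Collect DNS names from the SAN extension (OID 2.5.29.17) plus the subject CN,
        # and see whether the name we connected to is among them.
        $names = @()
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names = @(($san.Format($false) -split ',') | ForEach-Object { ($_ -replace '^\s*DNS Name=', '').Trim() })
        }
        if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
        $r.NameMatch = [bool]($names -contains $Server)   # -contains is case-insensitive

        # Build the chain the way a client would, including online revocation checking.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $r.ChainOk = $chain.Build($cert)
        $r.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() })
    } catch {
        $r.Error = $_.Exception.Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
    return [pscustomobject]$r
}

# Server-side inventory, run on the DC itself: which Local Machine\My certificates could
# Schannel pick for LDAPS? Shows private key presence, Server Auth EKU, validity window and
# the template information extension (1.3.6.1.4.1.311.21.7), which carries the template
# name and version the answer above tells you to check.
function Get-LdapsCandidateCert {
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $c = $_
        $tmpl = $c.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' } |
                ForEach-Object { $_.Format($false) }
        [pscustomobject]@{
            Thumbprint    = $c.Thumbprint
            Subject       = $c.Subject
            HasPrivateKey = $c.HasPrivateKey
            ServerAuthEku = Test-ServerAuthEku -Cert $c
            InValidity    = ($c.NotBefore -le (Get-Date)) -and ($c.NotAfter -gt (Get-Date))
            Template      = $tmpl
        }
    }
}

# Usage (placeholder host from the thread):
#   Test-LdapsHandshake -Server 'dc1.domain.org' | Format-List
#   Get-LdapsCandidateCert | Format-Table -AutoSize   # on the DC
```

Read the result in order: TcpOpen false means the listener on 636 is the problem, not the certificate; TlsOk false with an error from AuthenticateAsClient usually means the DC has no certificate it is willing to present at all (the situation the answer points at); TlsOk true with ChainOk, NameMatch or ServerAuthEku false tells you which client-side validation step LDP.exe is tripping over. On the DC, a row with HasPrivateKey and ServerAuthEku both true and InValidity true is what Schannel needs; if none exists, enrolling from a template whose version the CA will issue to 2012 R2 machines is the fix the answer describes.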