I'm trying to make an LDAPS connection from the LDP tool to a couple of particular domain controllers in our environment but I keep getting the error "Cannot Open Connection" with the following info:
0x0 = ldap_unbind(ld);
ld = ldap_sslinit("dc1.domain.org", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to dc1.domain.org.
I have verified that there is only one certificate for server verification in the personal computer cert store and have tried granting permissions to the Network Service account to the key. SAN checks out with the correct FQDN as well. I have run
certutil -v verifystore my 0
and
certutil -verify -urlfetch
and both commands reported that it is valid and all checks passed.
I also noticed that I am able to make successful LDAPS connections to our 2008 R2 domain controllers, and they are using certs from the same template. This issue only occurs on our DCs on 2012 and 2012 R2, so I am wondering if there's an extra step for those OSes that I've neglected to perform. I have confirmed that they are both listening on ports 389 and 636. Let me know if you need any further information. Thanks!
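A scripted way to gather what LDP hides behind "Error 81", added here as an example and not taken from the post above: it opens a TLS session to the DC's LDAPS port from PowerShell, reports the certificate the server actually selects for the handshake, its SAN and Server Authentication EKU, and any chain or name-mismatch errors the client sees. Only the host name dc1.domain.org comes from the post; the port default, variable names and output layout are assumptions.

```powershell
# Added LDAPS diagnostic (not from the original post). Connects to a DC on the
# LDAPS port, completes a TLS handshake and prints what the server presented.
param(
    [string]$Server = 'dc1.domain.org',   # DC FQDN from the post; substitute your own
    [int]$Port = 636                      # LDAPS; assumed default
)

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, $Port)
} catch {
    Write-Host "TCP connect to ${Server}:${Port} failed: $($_.Exception.Message)"
    return
}

# Record chain/name errors instead of letting the handshake abort, so the
# reason can be printed. The certificate is accepted for diagnosis only.
$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
$script:chainStatus  = @()
$validator = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $sslErrors)
    $script:policyErrors = $sslErrors
    if ($chain) { $script:chainStatus = $chain.ChainStatus }
    return $true
}

$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validator)
try {
    $ssl.AuthenticateAsClient($Server)
} catch {
    Write-Host "TLS handshake failed: $($_.Exception.Message)"
    $tcp.Close()
    return
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

"TLS protocol    : $($ssl.SslProtocol)"
"Subject         : $($cert.Subject)"
"Issuer          : $($cert.Issuer)"
"Thumbprint      : $($cert.Thumbprint)"
"Validity        : $($cert.NotBefore) -> $($cert.NotAfter)"

# Subject Alternative Name (OID 2.5.29.17) must contain the FQDN used to connect.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
"SAN             : $(if ($san) { $san.Format($false) } else { '<none>' })"

# Enhanced Key Usage (OID 2.5.29.37) must include Server Authentication (1.3.6.1.5.5.7.3.1).
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$hasServerAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
"Server Auth EKU : $([bool]$hasServerAuth)"

# Anything other than None here is the client-side reason a strict client would refuse.
"Policy errors   : $script:policyErrors"
foreach ($s in $script:chainStatus) {
    "Chain status    : $($s.Status) - $($s.StatusInformation.Trim())"
}

$ssl.Close()
$tcp.Close()
```

Run it against a 2008 R2 DC that works and a 2012 DC that fails and compare the thumbprints and SAN lines: if the 2012 DC never completes the handshake at all, it has no usable certificate bound to LDAPS regardless of what certutil reports for the store, whereas a completed handshake with policy errors points at the chain or name check on the client side.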