LDAPs / Start TLS on Windows Server 2008 R2 DC

    Question

  • Hello,

      I have my domain upgraded to Windows 2008 R2 level. I've imported a valid certificate for the DC and have a problem with LDAP still working only on port 389 (without encryption). Port 636 is not even bound. The question is whether Windows 2008 R2 has a different way to enable LDAPs / TLS than Windows 2003. Maybe I have to install LDS and then configure SSL as described in the TechNet library? Windows 2003 needed only a valid certificate and it was working :(

    REGARDS
    Michal
    Monday, January 18, 2010 1:20 PM

Answers

  • Hi,

    The way to enable LDAPs on Windows Server 2008 R2 is similar to Windows Server 2003. You need to put a valid LDAPs certificate in the Local Machine’s personal store of the domain controller.

    http://support.microsoft.com/kb/321051

    To verify the certificate is available and working properly, please run certutil -dcinfo verify on a DC and let me know the result.

    Thanks.

    Joson Zhou

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, January 19, 2010 3:09 AM
    Moderator
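
A local check of what the answer above describes, as an added example that is not part of the original thread or Microsoft's own tooling: it lists each certificate in the Local Machine personal store with the properties KB 321051 requires of an LDAPS certificate (private key, Server Authentication EKU, DC FQDN in the subject or SAN), then attempts a TLS handshake on port 636. It assumes an elevated PowerShell session on the DC itself; the output column names are illustrative.

```powershell
# Added example (not from the thread). Assumption: elevated session on the DC itself.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = ('{0}.{1}' -f $ip.HostName, $ip.DomainName).ToLower()
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$now = Get-Date

# 1. Inspect every certificate in the Local Machine personal store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasServerAuth = $false
    if ($ekuExt) {
        $hasServerAuth = @($ekuExt.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $serverAuth }).Count -gt 0
    }
    # Subject Alternative Name extension (OID 2.5.29.17), rendered as text.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = ''
    if ($sanExt) { $sanText = $sanExt.Format($false) }
    $cn = $cert.GetNameInfo('SimpleName', $false)
    # Exact-name match only; wildcard names are not evaluated here.
    $sanPattern = '(?<![\w.-])' + [regex]::Escape($fqdn) + '(?![\w.-])'
    $nameOk = ($cn -eq $fqdn) -or ($sanText -match $sanPattern)

    New-Object PSObject -Property @{
        Thumbprint      = $cert.Thumbprint
        HasPrivateKey   = $cert.HasPrivateKey
        ServerAuthEku   = $hasServerAuth
        NameMatchesFqdn = $nameOk
        InValidity      = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
    }
} | Select-Object Thumbprint, HasPrivateKey, ServerAuthEku, NameMatchesFqdn, InValidity |
    Format-Table -AutoSize

# 2. Confirm the DC listens on 636 and completes a TLS handshake with a trusted certificate.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($fqdn, 636)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($fqdn)   # throws if the chain or name does not validate
    "LDAPS handshake OK, server presented: $($ssl.RemoteCertificate.Subject)"
} catch {
    "LDAPS check failed on ${fqdn}:636 - $($_.Exception.Message)"
} finally {
    $tcp.Close()
}
```

A usable LDAPS certificate shows True in all four columns; if none does, the connection test on port 636 is expected to fail.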

All replies

  • Hi,

    How's everything going? We've not heard back from you in a few days and wanted to check the current status of the issue.

    Thanks.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, January 22, 2010 1:51 AM
    Moderator
  • Hi

    The article mentioned here (http://go.microsoft.com/fwlink/?LinkId=204599) describes how to enable ldaps on the domain controller, but what if one would like to "enforce" ldaps on the domain controller so that all ldap connections to the DC are over SSL? Is that possible?

    Thanks for your help,

    Luca
    Thursday, December 06, 2012 8:34 AM