Disable SSL in active directory on Windows server 2008 R2 Sp1

  • Question

  • My LDAP users have an issue while logging in with VPN, so I have to disable the SSL option in Active Directory.

    But I don't know how I can disable it.

    Any suggestion is highly appreciated.

    Windows Server 2008 R2 SP1

    Domain

    Rgd

    Arvind Dahiya


    Arvind

    Thursday, February 16, 2012 9:59 AM

All replies

  • You need to disable this option on the device where it has been enabled or configured, since the option doesn't exist in the AD. Also, are you talking about disabling LDAP over SSL?

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, February 16, 2012 10:23 AM
  • Thanks for the update.

    Q. Disabling LDAP over SSL?

    How can we disable LDAP over SSL?

    Rgd

    Arvind


    Arvind

    Thursday, February 16, 2012 10:30 AM
  • Hello,

    By default LDAP in AD uses the ports 389 and 3286 and not 636 (SSL) or 3269 (SSL) for the GC. So did you configure LDAP over SSL?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, February 16, 2012 10:30 AM
  • I agree with Meinolf. Did you confirm LDAP over SSL is configured? Because it forces queries over SSL and it requires certificates. By default, LDAP over SSL is not configured. I would suggest talking to your network/security admin guys about where this SSL is configured.

    http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

    http://blogs.dirteam.com/blogs/tomek/archive/2006/09/24/Disable-simple-bind-without-SSL-on-ADAM.aspx

     

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by Lawrence, Monday, February 20, 2012 1:47 AM
    Thursday, February 16, 2012 10:34 AM
  • Awinish is correct - there should be no need to disable LDAP over SSL - since by default, your VPN users still should be able to connect to your AD over LDAP.

    If you want to prevent LDAPS connections to the domain controller, one way to accomplish this would be to simply block incoming traffic on ports listed by Meinolf - 636(SSL) or 3269(SSL) 

    hth
    Marcin

    • Marked as answer by Lawrence, Monday, February 20, 2012 1:47 AM
    Thursday, February 16, 2012 12:01 PM
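
The replies above turn on whether LDAP over SSL is actually being served by the domain controller. The following PowerShell script is an added example, not part of any poster's reply: it probes the standard LDAP and GC ports (389, 3268) and their SSL counterparts (636, 3269), attempts a TLS handshake on the SSL ports, and reports the certificate presented. The host name `dc01.example.local` is a placeholder.

```powershell
# Added example, not from the thread. 'dc01.example.local' is a placeholder.
param([string]$Server = 'dc01.example.local')

$listeners = @(
    @{ Port = 389;  Service = 'LDAP';        Tls = $false },
    @{ Port = 3268; Service = 'GC';          Tls = $false },
    @{ Port = 636;  Service = 'LDAPS';       Tls = $true  },
    @{ Port = 3269; Service = 'GC over SSL'; Tls = $true  }
)

$report = foreach ($l in $listeners) {
    $row = New-Object PSObject -Property @{
        Port = $l.Port; Service = $l.Service; Open = $false
        TlsHandshake = 'n/a'; CertSubject = ''; CertExpires = ''
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # 3-second connect timeout so a filtered port does not hang the loop.
        $pending = $client.BeginConnect($Server, $l.Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne(3000) -and $client.Connected) {
            $client.EndConnect($pending)
            $row.Open = $true
            if ($l.Tls) {
                # Accept any certificate: the goal is to inspect it, not trust it.
                $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
                $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
                try {
                    $ssl.AuthenticateAsClient($Server)
                    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                    $row.TlsHandshake = 'ok'
                    $row.CertSubject  = $cert.Subject
                    $row.CertExpires  = $cert.NotAfter
                } catch {
                    # Port open but the handshake did not complete,
                    # e.g. no usable server certificate on the DC.
                    $row.TlsHandshake = 'failed'
                } finally { $ssl.Close() }
            }
        }
    } catch {
        # Name resolution or socket errors leave the row marked as closed.
    } finally { $client.Close() }
    $row
}
$report | Format-Table Port, Service, Open, TlsHandshake, CertSubject, CertExpires -AutoSize
```

A row with `Open` true and `TlsHandshake` ok on 636 or 3269 means the DC is serving LDAPS with the certificate shown; if those ports are blocked at the firewall as suggested above, they report `Open` false from the client's side.
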
  • I have enabled it once, and now removed the certificate (third party). So I now get warnings: Schannel event ID 36872 and error 36869.

    The enabling part is easy, it auto-senses that it can use SSL, but removal is not so easy.

    Anybody know how? 

    Friday, May 11, 2012 8:29 AM
  • OlavT,

    Did you find a resolution?

    • Edited by Eric Jay Stevens Wednesday, June 22, 2016 6:44 PM added username I was addressing
    Wednesday, June 22, 2016 6:43 PM