Channel: Directory Services forum

LDAPS problems with one server

I'm running out of ideas so I thought I would post here and see what I can get.

We have a server sitting out in the DMZ that is not a member of the domain. The server has an application on it that binds to a domain controller over 636 (LDAP over SSL). Until last week all was well. Then, with no changes to the server, the application, or the domain controller, it stopped. I truly mean nothing. We didn't even reboot the server. We use LDAP over SSL for everything; in most cases 389 isn't even allowed between networks.

I have tested on my client computer, other domain controllers, other member servers and workstations not in the environment. All can still connect on 636 without issue. I have moved the server out of the DMZ and put it into the same network as the DC it is looking at and it fails. It worked fine with 389. Literally, when we connect on 389 on the same network it connects; click disconnect and immediately connect on 636 and it says Server is down. Telnet to 636 from the server and it will maintain the connection.

Run a netmon while attempting the LDAPS connection and you see the client send a hello and the server reply with an ack and reset. At the same time, on the domain controller you get


"An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed."

Disable TLS 1.0 on the client and you still get the same error.

Ideas?


Disclaimer 1: As usual I could be way off so no playing like I'm Frankenstein. Disclaimer 2: my Speeling and proofing skills are teh fail
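One way to check the mismatch that the event-log message in the post describes, as an added example that is not part of the original post: parse the ClientHello bytes copied out of the capture and compare the offered cipher suites with the suites enabled on the domain controller. The sample ClientHello and the server suite list are constructed, and the function names are hypothetical.

```python
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes):
    """Return (version name, offered cipher-suite ids) from one raw TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if rec_len < hs_len + 4 or len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated or fragmented ClientHello")
    version = struct.unpack("!H", hello[:2])[0]
    pos = 34                       # client_version (2) + random (32)
    pos += 1 + hello[pos]          # session_id length byte + session_id
    if pos + 2 > hs_len:
        raise ValueError("ClientHello ends before cipher_suites")
    n = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    if n % 2 or pos + n > hs_len:
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack("!%dH" % (n // 2), hello[pos:pos + n]))
    return VERSIONS.get(version, hex(version)), suites

def common_suites(offered, server_enabled):
    """Suites both sides support, in the client's order. An empty list is
    the condition the domain controller's event-log message reports."""
    return [s for s in offered if s in server_enabled]

def build_sample_hello(suites):
    """Constructed input: a minimal TLS 1.0 ClientHello, not a real capture."""
    body = struct.pack("!H", 0x0301) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"            # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # Constructed values (IANA suite ids): an RC4/3DES-only client
    # against a hypothetical AES-only domain controller configuration.
    client = build_sample_hello([0x0004, 0x0005, 0x000A])
    server = {0x002F, 0x0035, 0xC013, 0xC014}
    version, offered = parse_client_hello(client)
    print(version, [hex(s) for s in offered])
    print("common:", [hex(s) for s in common_suites(offered, server)])
```

Running the same comparison on a ClientHello captured from a machine that still connects shows which suites the failing server no longer offers.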

