I have a stand-alone instance of AD LDS on Windows Server 2008 R2. Using ldp.exe 3.0 I CAN do a non-SSL connection and then a bind using the server name, or the FQDN, which is the server name followed by a period (i.e. servername.), or the IP address. Note that the server is in a workgroup (not a domain).
However, when specifying the SSL port, the SSL checkbox and any of the following servers in ldp.exe:
servername
servername. (note the trailing period)
IP addr
I get:
ld = ldap_sslinit("SRV9.", 50001, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to SRV9..
For SSL I expected the IP addr to fail because it has to be the FQDN. I expected servername + period to work because it has worked on similar AD LDS instances in the past.
I verified that the port is correct using dsdbutil. I have also tried changing the port using dsdbutil. Could this mess anything up if I specify that port in ldp.exe?
I have used the MMC certificate snap-in to validate the certification path. The root CA and sub CAs are valid and work on other websites.
Under the details tab I have validated:
Issuer
Valid dates
Subject is SRV9
the template is WebServer
Server Authentication (1.3.6.1.5.5.7.3.1)
I have put the server cert in the Personal store of both the machine and the service (for my AD LDS instance). I also have put the two "parent" CA certs in the Trusted Root Certification Authorities stores for both the service and the machine.
Thanks!
leo
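The following PowerShell probe is an added diagnostic for the situation described in the post; it is not part of the original post and not a Microsoft or AD LDS tool. It separates the three things ldp.exe's single "Fail to connect" collapses together: whether anything accepts a TCP connection on the LDAPS port at all, whether that listener completes a TLS handshake, and, if it does, which certificate it presents and whether Windows would reject it for a chain problem or a name mismatch against the host name you typed. The port 50001 and the names SRV9 and SRV9. are taken from the post; everything else (the script name, the function name) is assumed. It uses only .NET classes available on Windows Server 2008 R2 with PowerShell 2.0; run it on the machine where ldp.exe fails.

```powershell
# Test-Ldaps.ps1 -- added diagnostic, not part of the original post.
# Assumptions: LDAPS on 50001 and the names SRV9 / SRV9. as in the post.
param(
    [string[]]$Names = @("SRV9", "SRV9."),
    [int]$Port = 50001
)

function Test-LdapsEndpoint {
    param([string]$HostName, [int]$Port)

    $r = New-Object PSObject -Property @{
        HostName = $HostName; Port = $Port
        TcpConnected = $false; TlsHandshake = $false
        PolicyErrors = $null; Subject = $null; SanDns = $null
        Issuer = $null; NotAfter = $null; Error = $null
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $r.TcpConnected = $true
    } catch {
        # Nothing answered on the port (or the name did not resolve). This is the
        # case ldp reports as error 81 (ldap_connect); the certificate is not yet in play.
        $r.Error = $_.Exception.Message
        return $r
    }

    # Accept whatever certificate the server sends, but record the validation
    # result so the report says which check would fail: None,
    # RemoteCertificateChainErrors or RemoteCertificateNameMismatch.
    $state = @{ Errors = $null }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($sender, $cert, $chain, $errors)
        $state["Errors"] = $errors
        return $true
    }.GetNewClosure())

    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # The name passed here is what Schannel compares against the cert's Subject/SAN,
        # so pass exactly the string that was typed into ldp.exe.
        $ssl.AuthenticateAsClient($HostName)
        $r.TlsHandshake = $true
        $r.PolicyErrors = [string]$state["Errors"]

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        $r.Subject = $cert.Subject
        $r.Issuer = $cert.Issuer
        $r.NotAfter = $cert.NotAfter
        # 2.5.29.17 is the Subject Alternative Name extension; empty if the cert has none.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
        if ($san) { $r.SanDns = $san.Format($false) }
    } catch {
        # TCP worked but TLS did not: the listener is up but could not complete a
        # handshake (for example, no usable server certificate). The message says why.
        $r.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    return $r
}

foreach ($n in $Names) {
    Test-LdapsEndpoint -HostName $n -Port $Port |
        Format-List HostName, Port, TcpConnected, TlsHandshake, PolicyErrors, Subject, SanDns, Issuer, NotAfter, Error
}
```

Run it as `.\Test-Ldaps.ps1 -Names SRV9,"SRV9." -Port 50001` (add the IP address to the list if you want to see the name-mismatch case explicitly). Reading the output: TcpConnected false means the instance is not listening on that port from this client, which is the only thing to chase before looking at certificates; TcpConnected true with TlsHandshake false means the listener exists but could not present a certificate; TlsHandshake true with a non-empty PolicyErrors tells you whether the chain or the name is the problem, and the Subject/SanDns fields show exactly what name the certificate carries for comparison with the host name you typed.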