RE: [ActiveDir] Using LDAPS

[Isenhour, Joseph]

Title: Using LDAPS

The Error is only showing up on the server:   **************************************************************************************** Event Type: Warning Event Source: Schannel Event Category: None Event ID: 36872 Date:  3/22/2005 Time:  11:08:33 AM User:  N/A Computer: XXXXX Description: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.   For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ****************************************************************************************   I tried looking it up but the only explanation I found was that the error indicates that the server does not have a cert, but it clearly does.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, March 22, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Using LDAPS What is the unhelpful Schannel error message?  Usually that is the most helpful thing to me.  J   Also, is the schannel error on the server or client?  Seeing both sets is very helpful.   Joe K.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Isenhour, Joseph Sent: Tuesday, March 22, 2005 1:18 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Using LDAPS   We use external Verisign certs on several of our DCs so that we can support LDAPS for certain clients.  Once in a while the cert does not seem to work and it's for no apparent issue..  I'm currently experiencing the issue with one of our DCs.  I've already checked the following: The cert is in the local machine store The cert has a private key The cert can see the cert chain and all certs check out. So the certs appear to be installed properly; however, connection to 636 does not work.  I'm receiving a very unhelpful Schannel warning in the system log but that's about it. Has anyone come up with a good way to troubleshoot LDAPS issues? Thanks This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.