
no server credential/no LDAP over SSL

Posted by Ales Pour on June 17, 2005, 3:24 pm
Hello,

I can't make LDAP over SSL work.



In event viewer, in directory services category, I can see event id 1220
(LDAP over Secure Sockets Layer will be unavailable at this time because
the server was unable to obtain a certificate.), in system category, there's
event id 36872 (No suitable default server credential exists on this system.
This will prevent server applications that expect to make use of the system
default credentials from accepting SSL connections. An example of such an
application is the directory server. Applications that manage their own
credentials, such as the internet information server, are not affected by
this.)



I have no idea what happened, but what is more important, I have no idea
what I should do to fix it. Does anyone know how to fix this? Thank you very
much!

It is Windows 2003 SP1 server.



Best regards,

Ales Pour




Posted by Mitch Tulloch on June 20, 2005, 5:08 pm
Is Windows Firewall running on the W2K3SP1 machine? If so, make sure there's
an exception that opens TCP port 636.

Also check out
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051 in case it's
a certificate problem.

HTH

--
Cheers,
Mitch Tulloch, MVP Windows Server
=======================================
website: http://www.mtit.com
my blog: http://itreader.net

This message is provided "as is" with no warranties, and confers no
rights





Posted by S. Pidgorny on June 21, 2005, 9:26 pm
No, the events are explaining the problem quite well and that's nothing to
do with IP filtering: the server doesn't have an SSL certificate. The fix would
be to enroll for a cert - the Domain Controller certificate template does the
trick.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
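
The two replies above point at different layers: a blocked TCP port 636 versus a server that has no certificate to present. The sketch below is an added example, not something posted in the thread, that tells the two apart from a client machine. It assumes the directory service still accepts TCP connections on 636 when it has no certificate, and `dc01.example.test` is a placeholder host name.

```python
import socket
import ssl
import sys

# Verdict -> next step, taken from the two replies in this thread.
NEXT_STEP = {
    "port-unreachable": "check Windows Firewall for a TCP 636 exception",
    "handshake-failed": "listener is up but TLS fails: look for events "
                        "1220/36872 and enroll a Domain Controller certificate",
    "cert-rejected": "a certificate is presented, but this client does not "
                     "trust it or the name does not match",
    "ldaps-ok": "nothing to fix",
}


def probe_ldaps(host, port=636, timeout=3.0, cafile=None):
    """Classify an LDAPS endpoint; returns (verdict, detail)."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused or timed out before any TLS: filtering or no listener.
        return "port-unreachable", repr(exc)
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            rdns = tls.getpeercert().get("subject", ())
            subject = dict(rdn[0] for rdn in rdns)
    except ssl.SSLCertVerificationError as exc:
        # The server did send a certificate; the client refused it.
        return "cert-rejected", exc.verify_message
    except OSError as exc:
        # Reset, EOF, alert or timeout during the handshake.
        return "handshake-failed", repr(exc)
    return "ldaps-ok", subject.get("commonName", "")


if __name__ == "__main__":
    # Placeholder target; pass the real DC name as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    verdict, detail = probe_ldaps(target)
    print(f"{target}: {verdict} ({detail}) -> {NEXT_STEP[verdict]}")
```

Pass `cafile` when the issuing CA is an internal one that the client's default trust store does not contain; otherwise a correctly enrolled certificate is reported as `cert-rejected`.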





Posted by Ales Pour on June 21, 2005, 4:26 pm
Pardon my ignorance, but where can I find "Domain Controller certificate
template"?

Thank you very much!

--Ales Pour






Posted by Ales Pour on June 21, 2005, 4:41 pm
OK, it's an MMC snap-in... sorry for the vain message.

--AP




