Solved

Cannot access ldap via web browser on SBS 2003

Posted on 2008-10-16
3
1,110 Views
Last Modified: 2013-12-24
I am having issues accessing my Active Directory externally or remotely on Small Business Server 2003.  I can go to ldap://service.mydomain.com and am prompted with a find window, but I recieve the error upon attempting a search:
The specified directory service could not be reached.
The service may be temporarily unavailable or the server name may be incorrect.

Now I have opened ports 389 and 636, adn for the purposes of trouble shooting have not restricted IP sources.  I also get a slightly different error attempting to access ldap via web browser on domain connected PC's:

An error occured whiel performing the search.
Your computer, your Internet service provider or the specified directory service may be disconnected.  Check your connections and try again.

I am logged on as a domain admin account, I have tried the registry fix someone psoted here in another resolution which I can't tell if it fixed the problem or borked it completely for my workstation.  Not too mention it wasn't mentioend if it was supposed to be applied to either the client or the server.  I have been over technet with a fine toothed comb and the only results I can come up with involve "how do you convert ldap to use ssl" or one covering port conflicts that don't currently exist on my server between Active Directory and Exchange Server residing on the same box.

I have also followed one article I believe I found the link for here reguarding the hsHeuristics attribute on cn=directory services,cn=windows nt,cn=services,cn=configuration,dc=mydomain,dc=local, and set the value to 0000002 as per the article adn no change.  The supposed effect was to have removed teh limitation on anonymous ldap requests.

I've hit a brick wall and would appreciate any advice.  
0
Comment
Question by:peace_country
  • 2
3 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22736626
Is the windows firewall enabled?  Have you allowed 389 and 636?  Try disabling it altogether and see if that lets it work.  If so, there may be some other ports involved.  If you enable 636 and 389, was that just with TCP or with UDP also?
0
 

Author Comment

by:peace_country
ID: 22737149
I have no firewall running on either my server or clients, and I can't even access LDAP on my intranet. I suspect that it's accepting connections on 389, and trying to change to 636 when performing the query, which from what I've read it really isn't supposed to do, definately not something I want it to do at the moment, largely around the incompatabillity of Vista with 2k3's certificate server, I'd rather not be forced to hack out the website and replace it with 2k8's certificate files, which is microsofts workaround.

I am attempting to provide LDAP syncing for transparent credential logging for a web defense proxy service.  I have their support people stumped for why I am unale to authenticate, I've been researching this for a week or more at this point and I have a feeling I'm going to be running into this a lot in the future.
0
 

Accepted Solution

by:
peace_country earned 0 total points
ID: 22905591
Update I have similar isuses on 2 other Small Business Server 2003 systems, no firewalls running, and inable to browse teh LDAP directory on any computer besides that server itself.  And I have some docucenters that I am unable to perfectly run network scanning on without LDAP authentication, amonug other applications.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question