Solved

Cannot access ldap via web browser on SBS 2003

Posted on 2008-10-16
Last Modified: 2013-12-24
I am having issues accessing my Active Directory externally or remotely on Small Business Server 2003.  I can go to ldap://service.mydomain.com and am prompted with a find window, but I receive the error upon attempting a search:
The specified directory service could not be reached.
The service may be temporarily unavailable or the server name may be incorrect.

Now I have opened ports 389 and 636, and for the purposes of troubleshooting have not restricted IP sources.  I also get a slightly different error attempting to access ldap via web browser on domain connected PCs:

An error occurred while performing the search.
Your computer, your Internet service provider or the specified directory service may be disconnected.  Check your connections and try again.

I am logged on as a domain admin account, I have tried the registry fix someone posted here in another resolution which I can't tell if it fixed the problem or borked it completely for my workstation.  Not to mention it wasn't mentioned if it was supposed to be applied to either the client or the server.  I have been over TechNet with a fine-toothed comb and the only results I can come up with involve "how do you convert ldap to use ssl" or one covering port conflicts that don't currently exist on my server between Active Directory and Exchange Server residing on the same box.

I have also followed one article I believe I found the link for here regarding the hsHeuristics attribute on cn=directory services,cn=windows nt,cn=services,cn=configuration,dc=mydomain,dc=local, and set the value to 0000002 as per the article and no change.  The supposed effect was to have removed the limitation on anonymous ldap requests.

I've hit a brick wall and would appreciate any advice.  
0
Question by:peace_country
3 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22736626
Is the Windows firewall enabled?  Have you allowed 389 and 636?  Try disabling it altogether and see if that lets it work.  If so, there may be some other ports involved.  If you enable 636 and 389, was that just with TCP or with UDP also?
0
 

Author Comment

by:peace_country
ID: 22737149
I have no firewall running on either my server or clients, and I can't even access LDAP on my intranet. I suspect that it's accepting connections on 389, and trying to change to 636 when performing the query, which from what I've read it really isn't supposed to do, definitely not something I want it to do at the moment, largely around the incompatibility of Vista with 2k3's certificate server, I'd rather not be forced to hack out the website and replace it with 2k8's certificate files, which is Microsoft's workaround.

I am attempting to provide LDAP syncing for transparent credential logging for a web defense proxy service.  I have their support people stumped for why I am unable to authenticate, I've been researching this for a week or more at this point and I have a feeling I'm going to be running into this a lot in the future.
0
 

Accepted Solution

by:
peace_country earned 0 total points
ID: 22905591
Update: I have similar issues on 2 other Small Business Server 2003 systems, no firewalls running, and am unable to browse the LDAP directory on any computer besides that server itself.  And I have some docucenters that I am unable to perfectly run network scanning on without LDAP authentication, among other applications.
0
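One way to separate the two causes raised in this thread, ports 389/636 not being reachable versus the limit on anonymous LDAP requests, is to send a single unauthenticated search and read the result code. The Python below is an added example, not code from any poster: its function names are its own, it speaks plain LDAP on 389 only (636 needs TLS), and it assumes Active Directory's usual operationsError (resultCode 1) reply to a refused anonymous search.

```python
import socket  # added example: every function name here is the example's own

def tlv(tag, body):  # BER tag-length-value with definite length
    n = len(body)
    size = b"" if n < 128 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size) if size else n]) + size + body

def search_request(msg_id, base_dn):  # subtree, (objectClass=*), sizeLimit 1, no bind
    op = tlv(0x63, tlv(0x04, base_dn.encode()) + tlv(0x0A, b"\x02")
             + tlv(0x0A, b"\x00") + tlv(0x02, b"\x01") + tlv(0x02, b"\x05")
             + tlv(0x01, b"\x00") + tlv(0x87, b"objectClass") + tlv(0x30, b""))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def read_tlv(buf, pos):  # -> (tag, value, next_pos); IndexError if truncated
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise IndexError("truncated")
    return tag, buf[pos:pos + n], pos + n

def search_outcome(data):  # -> (entries seen, resultCode or None if incomplete)
    pos = entries = 0
    try:
        while True:
            _, msg, pos = read_tlv(data, pos)
            op, body, _ = read_tlv(msg, read_tlv(msg, 0)[2])  # skip messageID
            if op == 0x65:  # SearchResultDone carries the resultCode
                return entries, read_tlv(body, 0)[1][0]
            entries += op == 0x64  # SearchResultEntry
    except IndexError:
        return entries, None

def classify(entries, code):
    if entries:
        return "anonymous reads allowed"
    known = {1: "LDAP up, anonymous search blocked", None: "port open, no LDAP reply"}
    return known.get(code, f"LDAP up, resultCode {code}")

def probe(host, base_dn, port=389, timeout=5):  # plain LDAP only, needs network
    try:
        with socket.create_connection((host, port), timeout) as s:
            s.sendall(search_request(1, base_dn))
            data = b""
            while search_outcome(data)[1] is None and (chunk := s.recv(4096)):
                data += chunk
    except OSError:
        return "TCP connect or read failed"
    return classify(*search_outcome(data))
```

Running `probe("service.mydomain.com", "dc=mydomain,dc=local")` from a domain PC and again from outside shows whether the answer changes with the vantage point, which points at filtering in between rather than at the directory's anonymous-access setting.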
