Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1138
  • Last Modified:

Cannot access ldap via web browser on SBS 2003

I am having issues accessing my Active Directory externally or remotely on Small Business Server 2003.  I can go to ldap://service.mydomain.com and am prompted with a find window, but I recieve the error upon attempting a search:
The specified directory service could not be reached.
The service may be temporarily unavailable or the server name may be incorrect.

Now I have opened ports 389 and 636, adn for the purposes of trouble shooting have not restricted IP sources.  I also get a slightly different error attempting to access ldap via web browser on domain connected PC's:

An error occured whiel performing the search.
Your computer, your Internet service provider or the specified directory service may be disconnected.  Check your connections and try again.

I am logged on as a domain admin account, I have tried the registry fix someone psoted here in another resolution which I can't tell if it fixed the problem or borked it completely for my workstation.  Not too mention it wasn't mentioend if it was supposed to be applied to either the client or the server.  I have been over technet with a fine toothed comb and the only results I can come up with involve "how do you convert ldap to use ssl" or one covering port conflicts that don't currently exist on my server between Active Directory and Exchange Server residing on the same box.

I have also followed one article I believe I found the link for here reguarding the hsHeuristics attribute on cn=directory services,cn=windows nt,cn=services,cn=configuration,dc=mydomain,dc=local, and set the value to 0000002 as per the article adn no change.  The supposed effect was to have removed teh limitation on anonymous ldap requests.

I've hit a brick wall and would appreciate any advice.  
0
peace_country
Asked:
peace_country
  • 2
1 Solution
 
sstone55423Commented:
Is the windows firewall enabled?  Have you allowed 389 and 636?  Try disabling it altogether and see if that lets it work.  If so, there may be some other ports involved.  If you enable 636 and 389, was that just with TCP or with UDP also?
0
 
peace_countryAuthor Commented:
I have no firewall running on either my server or clients, and I can't even access LDAP on my intranet. I suspect that it's accepting connections on 389, and trying to change to 636 when performing the query, which from what I've read it really isn't supposed to do, definately not something I want it to do at the moment, largely around the incompatabillity of Vista with 2k3's certificate server, I'd rather not be forced to hack out the website and replace it with 2k8's certificate files, which is microsofts workaround.

I am attempting to provide LDAP syncing for transparent credential logging for a web defense proxy service.  I have their support people stumped for why I am unale to authenticate, I've been researching this for a week or more at this point and I have a feeling I'm going to be running into this a lot in the future.
0
 
peace_countryAuthor Commented:
Update I have similar isuses on 2 other Small Business Server 2003 systems, no firewalls running, and inable to browse teh LDAP directory on any computer besides that server itself.  And I have some docucenters that I am unable to perfectly run network scanning on without LDAP authentication, amonug other applications.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now