Solved

Cannot access ldap via web browser on SBS 2003

Posted on 2008-10-16
3
1,113 Views
Last Modified: 2013-12-24
I am having issues accessing my Active Directory externally or remotely on Small Business Server 2003.  I can go to ldap://service.mydomain.com and am prompted with a find window, but I recieve the error upon attempting a search:
The specified directory service could not be reached.
The service may be temporarily unavailable or the server name may be incorrect.

Now I have opened ports 389 and 636, adn for the purposes of trouble shooting have not restricted IP sources.  I also get a slightly different error attempting to access ldap via web browser on domain connected PC's:

An error occured whiel performing the search.
Your computer, your Internet service provider or the specified directory service may be disconnected.  Check your connections and try again.

I am logged on as a domain admin account, I have tried the registry fix someone psoted here in another resolution which I can't tell if it fixed the problem or borked it completely for my workstation.  Not too mention it wasn't mentioend if it was supposed to be applied to either the client or the server.  I have been over technet with a fine toothed comb and the only results I can come up with involve "how do you convert ldap to use ssl" or one covering port conflicts that don't currently exist on my server between Active Directory and Exchange Server residing on the same box.

I have also followed one article I believe I found the link for here reguarding the hsHeuristics attribute on cn=directory services,cn=windows nt,cn=services,cn=configuration,dc=mydomain,dc=local, and set the value to 0000002 as per the article adn no change.  The supposed effect was to have removed teh limitation on anonymous ldap requests.

I've hit a brick wall and would appreciate any advice.  
0
Comment
Question by:peace_country
  • 2
3 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22736626
Is the windows firewall enabled?  Have you allowed 389 and 636?  Try disabling it altogether and see if that lets it work.  If so, there may be some other ports involved.  If you enable 636 and 389, was that just with TCP or with UDP also?
0
 

Author Comment

by:peace_country
ID: 22737149
I have no firewall running on either my server or clients, and I can't even access LDAP on my intranet. I suspect that it's accepting connections on 389, and trying to change to 636 when performing the query, which from what I've read it really isn't supposed to do, definately not something I want it to do at the moment, largely around the incompatabillity of Vista with 2k3's certificate server, I'd rather not be forced to hack out the website and replace it with 2k8's certificate files, which is microsofts workaround.

I am attempting to provide LDAP syncing for transparent credential logging for a web defense proxy service.  I have their support people stumped for why I am unale to authenticate, I've been researching this for a week or more at this point and I have a feeling I'm going to be running into this a lot in the future.
0
 

Accepted Solution

by:
peace_country earned 0 total points
ID: 22905591
Update I have similar isuses on 2 other Small Business Server 2003 systems, no firewalls running, and inable to browse teh LDAP directory on any computer besides that server itself.  And I have some docucenters that I am unable to perfectly run network scanning on without LDAP authentication, amonug other applications.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question