Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cannot access ldap via web browser on SBS 2003

Posted on 2008-10-16
3
Medium Priority
?
1,132 Views
Last Modified: 2013-12-24
I am having issues accessing my Active Directory externally or remotely on Small Business Server 2003.  I can go to ldap://service.mydomain.com and am prompted with a find window, but I recieve the error upon attempting a search:
The specified directory service could not be reached.
The service may be temporarily unavailable or the server name may be incorrect.

Now I have opened ports 389 and 636, adn for the purposes of trouble shooting have not restricted IP sources.  I also get a slightly different error attempting to access ldap via web browser on domain connected PC's:

An error occured whiel performing the search.
Your computer, your Internet service provider or the specified directory service may be disconnected.  Check your connections and try again.

I am logged on as a domain admin account, I have tried the registry fix someone psoted here in another resolution which I can't tell if it fixed the problem or borked it completely for my workstation.  Not too mention it wasn't mentioend if it was supposed to be applied to either the client or the server.  I have been over technet with a fine toothed comb and the only results I can come up with involve "how do you convert ldap to use ssl" or one covering port conflicts that don't currently exist on my server between Active Directory and Exchange Server residing on the same box.

I have also followed one article I believe I found the link for here reguarding the hsHeuristics attribute on cn=directory services,cn=windows nt,cn=services,cn=configuration,dc=mydomain,dc=local, and set the value to 0000002 as per the article adn no change.  The supposed effect was to have removed teh limitation on anonymous ldap requests.

I've hit a brick wall and would appreciate any advice.  
0
Comment
Question by:peace_country
  • 2
3 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 22736626
Is the windows firewall enabled?  Have you allowed 389 and 636?  Try disabling it altogether and see if that lets it work.  If so, there may be some other ports involved.  If you enable 636 and 389, was that just with TCP or with UDP also?
0
 

Author Comment

by:peace_country
ID: 22737149
I have no firewall running on either my server or clients, and I can't even access LDAP on my intranet. I suspect that it's accepting connections on 389, and trying to change to 636 when performing the query, which from what I've read it really isn't supposed to do, definately not something I want it to do at the moment, largely around the incompatabillity of Vista with 2k3's certificate server, I'd rather not be forced to hack out the website and replace it with 2k8's certificate files, which is microsofts workaround.

I am attempting to provide LDAP syncing for transparent credential logging for a web defense proxy service.  I have their support people stumped for why I am unale to authenticate, I've been researching this for a week or more at this point and I have a feeling I'm going to be running into this a lot in the future.
0
 

Accepted Solution

by:
peace_country earned 0 total points
ID: 22905591
Update I have similar isuses on 2 other Small Business Server 2003 systems, no firewalls running, and inable to browse teh LDAP directory on any computer besides that server itself.  And I have some docucenters that I am unable to perfectly run network scanning on without LDAP authentication, amonug other applications.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's business world, data is more important than ever for informing marketing campaigns. Accessing and using data, however, may not come naturally to some creative marketing professionals. Here are four tips for adapting to wield data for insi…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question