Problems with MS ADAM and LDAP (SSL) connectivity between 2 DMZ servers over

We have 2 Windows 2003 Enterprise servers running in our DMZ. One has MS ADAM installed for user management and the other is a Web server. The web server was able to iniate an LDAP connection over SSL (port 50636) to the ADAM server. However this has stopped working and we cannot resolve the problem (the server with ADAM can iniate an LDAP connection to itself on that port without problem).

You can telnet between the two servers on that port and the connection this appears to connect so we don't believe there is anything stopping the connection. Also you can initiate an LDAP connection on 50389.

Any help in troubleshooting this would be appreciated.

Regards,

Richard
BritInsuranceAsked:
Who is Participating?
 
BritInsuranceConnect With a Mentor Author Commented:
Microsoft have thankfully resolved the problem. It was certificate related - it seems that although the servers were in a workgroup only they're DNS servers were on our internal domain and they had manual entries in that domain. Therefore when a server resolved the other it resolved it fully qualified. The certificate was created against a non FQDN and it seems that odly enough when you first create it it will work, but once rebooted it trys to use the FQDN and therefore the cert fails. We recreated the certs against the FQDN and this resolved the problem.
0
 
ParanormasticConnect With a Mentor Cryptographic EngineerCommented:
Check to make sure that the certificate is ok (not expired, etc.).  Also check the encryption strength to see if it is 1024 or 2048 - if it is 2048 or higher, check this out:
http://support.microsoft.com/kb/955610

You might try restarting the adam instance and see if that might help, although if you are able to connect to it locally I'm not sure if that will help.

I'm assuming there are not any software firewalls that might have gotten messed up somehow.

Here is another MS article that might be useful:
http://support.microsoft.com/kb/840991
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.