Problems with MS ADAM and LDAP (SSL) connectivity between 2 DMZ servers over

We have 2 Windows 2003 Enterprise servers running in our DMZ. One has MS ADAM installed for user management and the other is a Web server. The web server was able to iniate an LDAP connection over SSL (port 50636) to the ADAM server. However this has stopped working and we cannot resolve the problem (the server with ADAM can iniate an LDAP connection to itself on that port without problem).

You can telnet between the two servers on that port and the connection this appears to connect so we don't believe there is anything stopping the connection. Also you can initiate an LDAP connection on 50389.

Any help in troubleshooting this would be appreciated.

Regards,

Richard
BritInsuranceAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ParanormasticCryptographic EngineerCommented:
Check to make sure that the certificate is ok (not expired, etc.).  Also check the encryption strength to see if it is 1024 or 2048 - if it is 2048 or higher, check this out:
http://support.microsoft.com/kb/955610

You might try restarting the adam instance and see if that might help, although if you are able to connect to it locally I'm not sure if that will help.

I'm assuming there are not any software firewalls that might have gotten messed up somehow.

Here is another MS article that might be useful:
http://support.microsoft.com/kb/840991
0
BritInsuranceAuthor Commented:
Microsoft have thankfully resolved the problem. It was certificate related - it seems that although the servers were in a workgroup only they're DNS servers were on our internal domain and they had manual entries in that domain. Therefore when a server resolved the other it resolved it fully qualified. The certificate was created against a non FQDN and it seems that odly enough when you first create it it will work, but once rebooted it trys to use the FQDN and therefore the cert fails. We recreated the certs against the FQDN and this resolved the problem.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.