[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Problems with MS ADAM and LDAP (SSL) connectivity between 2 DMZ servers over

Posted on 2008-11-10
2
Medium Priority
?
614 Views
Last Modified: 2012-05-05
We have 2 Windows 2003 Enterprise servers running in our DMZ. One has MS ADAM installed for user management and the other is a Web server. The web server was able to iniate an LDAP connection over SSL (port 50636) to the ADAM server. However this has stopped working and we cannot resolve the problem (the server with ADAM can iniate an LDAP connection to itself on that port without problem).

You can telnet between the two servers on that port and the connection this appears to connect so we don't believe there is anything stopping the connection. Also you can initiate an LDAP connection on 50389.

Any help in troubleshooting this would be appreciated.

Regards,

Richard
0
Comment
Question by:BritInsurance
2 Comments
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 400 total points
ID: 22923907
Check to make sure that the certificate is ok (not expired, etc.).  Also check the encryption strength to see if it is 1024 or 2048 - if it is 2048 or higher, check this out:
http://support.microsoft.com/kb/955610

You might try restarting the adam instance and see if that might help, although if you are able to connect to it locally I'm not sure if that will help.

I'm assuming there are not any software firewalls that might have gotten messed up somehow.

Here is another MS article that might be useful:
http://support.microsoft.com/kb/840991
0
 

Accepted Solution

by:
BritInsurance earned 0 total points
ID: 23041728
Microsoft have thankfully resolved the problem. It was certificate related - it seems that although the servers were in a workgroup only they're DNS servers were on our internal domain and they had manual entries in that domain. Therefore when a server resolved the other it resolved it fully qualified. The certificate was created against a non FQDN and it seems that odly enough when you first create it it will work, but once rebooted it trys to use the FQDN and therefore the cert fails. We recreated the certs against the FQDN and this resolved the problem.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question