usom asked:
LDAPS over SSL - Schannel Event 36872 - "No suitable default server credential exists on this system."

I'm trying to use LDAPS over SSL and running into a Schannel event 36872 which gives the following Warning message in the event log.

"No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this."

I also get the Schannel Informational message (Event ID 36867):

"Creating an SSL client credential."

When I try to use ldp.exe to connect on port 636 to my domain controller, I receive the following message:

d = ldap_sslinit("servername.domain.org", 636, 1);
Error <0x51> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION3);
Error <0x51> = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to servername.domain.org.

I have been through every article dealing with Schannel and LDAPS that Google can find and tried just about everything to get this to work, and I still can't figure out what the issue is.

Any ideas would be much appreciated.
LauraEHunterMVP:

I assume you have configured a Server Authentication certificate for the domain controller that you're attempting to connect to?

Make sure that the cert you've installed contains the private key, and that the NETWORK SERVICE account has Read perms to the private key. Also make sure that the certificate is installed in the Local Computer Personal store, and not the Personal store corresponding to a user account such as administrator.
usom (asker):
Thanks. I am sure that the cert contains a private key, but how do I make sure that the NETWORK SERVICE account can access the private key?

The cert is in the Local Computer store also.
Is this a 2008 box? Right-click on the cert in the Certificates MMC and click All Tasks-->Manage Private Keys.
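The checks from the two answers above (Local Computer Personal store, private key present, NETWORK SERVICE able to read it, Server Authentication EKU) as a single diagnostic script. This is an added example, not code from the thread; it assumes an elevated Windows PowerShell 5.1 session on the domain controller, that the DC's FQDN is the machine's DNS name, and the standard key-file locations under ProgramData.

```powershell
# Added diagnostic (not the thread's own code): lists certificates in the Local
# Computer Personal store and checks the points the answers raise. Assumes an
# elevated Windows PowerShell 5.1 session on the DC and that the DC's FQDN is
# the machine's DNS name. Generic-rights ACEs and group-based grants are not matched.
$dcFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # CNG keys expose Key.UniqueName; legacy CSP keys expose a unique container name.
    try { $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert) }
    catch { return $null }
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
        $dirs = "$env:ProgramData\Microsoft\Crypto\Keys", "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
        $dirs = ,"$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
    } else { return $null }
    foreach ($d in $dirs) { $p = Join-Path $d $name; if (Test-Path $p) { return $p } }
    return $null
}

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $eku = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasServerAuth = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
    $sanText = if ($san) { $san.Format($false) } else { '' }
    $nameMatches = ($cert.Subject -like "*CN=$dcFqdn*") -or ($sanText -like "*$dcFqdn*")
    $keyFile = if ($cert.HasPrivateKey) { Get-PrivateKeyFile $cert } else { $null }
    $nsCanRead = $false
    if ($keyFile) {
        # Direct Allow ACE for NETWORK SERVICE carrying at least Read on the key file.
        $nsCanRead = [bool]((Get-Acl $keyFile).Access | Where-Object {
            $_.IdentityReference.Value -eq 'NT AUTHORITY\NETWORK SERVICE' -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read) -ne 0)
        })
    }
    [pscustomobject]@{
        Thumbprint     = $cert.Thumbprint
        Subject        = $cert.Subject
        NotAfter       = $cert.NotAfter
        ServerAuthEKU  = $hasServerAuth
        NameMatchesDC  = $nameMatches
        HasPrivateKey  = $cert.HasPrivateKey
        NetworkSvcRead = $nsCanRead
        KeyFile        = $keyFile
    }
}
```

A certificate Schannel can pick up as the default server credential should show every column as True with a future NotAfter; a row with HasPrivateKey True but NetworkSvcRead False points at the Manage Private Keys step.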
usom (asker):
I fixed it by re-issuing the cert.