Windows 2008 Secure LDAP

I have an outside vendor who needs LDAPS access to our network.  I have a NAT on the firewall to DC5.  I have installed Active Directory Certificate Authority as an Enterprise on DC5.  Everything I am reading says this should automatically enable SSL LDAP on the domain controller.

I test from a machine on the same subnet using ldap.exe and cannot connect on 636.  When I switch back to 389, it's fine.

I am going around and around with Microsoft articles all day.  Your help is appreciated.
MikeLyons74 Asked:

arnold Commented:
Check the advanced settings of the server firewall.

See if the following discussion helps.
http://social.technet.microsoft.com/Forums/en/winserverDS/thread/be63bfb5-6578-4590-8369-4488e9952750


Did you see this KB?
http://support.microsoft.com/kb/321051

MikeLyons74 Author Commented:
Windows Firewall is disabled on the server.  So this is not it.
arnold Commented:
Do you have the certificate added to the correct stores?
The third party certificate references which it should be added to in order to enable Secure LDAP.  Since you are using an internal CA, the certificate might have been added in other places, but not where it would do what you need.
MikeLyons74 Author Commented:
Reviewed the KB last night as well.  Also just tried it again.  I get the following when I request the cert from my CA

The request contains no certificate template information
0x80094801 (-2146875391)
Denied by Policy Module 0x80094801, The request does not
contain a certificate template extension or the CertificateTemplate request attribute.
MikeLyons74 Author Commented:
Not even getting the Cert
arnold Commented:
You have to check on your CA that you have the requisite template enabled.

The other issue deals with generating the request/submitting the CSR via the web interface.
http://support.microsoft.com/kb/910249

This is a reference to submitting the CSR for a certificate via the web interface
http://support.microsoft.com/kb/931351
arnold Commented:
This one provides a guide on what needs to be done to create the template needed.
http://social.technet.microsoft.com/wiki/contents/articles/2980.aspx
MikeLyons74 Author Commented:
Thank you.  The internal CA would not work and the third party was having issues until I figured out I needed to up the encryption level request.  I appreciate your help.
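
Added example (not posted by anyone in this thread, and not taken from the linked Microsoft articles): a PowerShell check of the two things discussed above, namely whether the domain controller's Local Computer Personal store holds a certificate that meets Microsoft's documented LDAPS requirements (private key present, Server Authentication EKU, the DC's FQDN in the subject or SAN), and whether a TLS handshake on 636 succeeds with normal certificate validation. `$DcFqdn` is a placeholder value, not a name from the thread.

```powershell
# Added example. $DcFqdn is a placeholder, not a value from the thread.
$DcFqdn        = 'dc5.example.local'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$SanOid        = '2.5.29.17'           # Subject Alternative Name

# Part 1 (run on the DC): list certificates in the computer's Personal
# store and flag which LDAPS requirements each one meets.
$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    # Collect subject plus SAN text so the FQDN can appear in either place.
    $names = $cert.Subject
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    if ($san) { $names += ' ' + $san.Format($false) }
    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = ($ekus -contains $ServerAuthOid)
        NameHasFqdn   = ($names -like "*$DcFqdn*")
        TimeValid     = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
    }
} | Format-Table Thumbprint, HasPrivateKey, ServerAuthEku, NameHasFqdn, TimeValid -AutoSize

# Part 2 (run from a client): TLS handshake on 636. Default validation is
# kept on purpose, so an untrusted chain or a name mismatch is reported
# as a failure instead of being silently accepted.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($DcFqdn, 636)
    $stream = $tcp.GetStream()
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream
    $ssl.AuthenticateAsClient($DcFqdn)
    "LDAPS OK: {0}, expires {1}" -f $ssl.RemoteCertificate.Subject,
        $ssl.RemoteCertificate.GetExpirationDateString()
} catch {
    "LDAPS check failed: " + $_.Exception.Message
} finally {
    $tcp.Close()
}
```

A certificate row with any `False` column is not one the DC can use for LDAPS; the client must also trust the issuing CA for Part 2 to pass.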