I have a client that has a Citrix Access Gateway (5.0.1) installed. When users' passwords expire in AD they are prompted to reset them:
When the user goes through the motions they get:
So I thought, oh yeah, CAG isn't talking to DC on port 636 and using standard unsecure LDAP on 389. I was wrong:
So I looked at the CERTS and it seems like all the relevant certs are there:
If I go into that user's account and set it to never expire, they can log on fine, so I know that secure LDAP is working over 636.
I'm at a complete loss.