
Secure LDAP fails to additional domain controllers

Asked by Lenblock · 869 Views · Last Modified: 2014-05-27
Hi

We have a Fortigate unit which needs to authenticate users over LDAP, using a secure connection with ldaps.

Imported the Certificate from our PDC to the Fortigate unit.
It works fine when authenticating with our PDC.
PDC is our Certificate Authority server.

But when I try to authenticate towards our two additional domain controllers it fails.

Tested with LDP.exe port 636 and SSL, and receive the following when testing:
Server error: <empty>

The two additional domain controllers were created a year ago, after decommissioning the two older ones.
Is this an error, or just something missing in the config?


Regards.

MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:

Author commented:
Hi

There is also an option for using STARTTLS in the Fortigate.
If I change to that with the two additional domain controllers, it works.
The weird thing is that when trying STARTTLS with our PDC, it fails.

I would like to be running STARTTLS or LDAPS for all 3 DCs.

The PDC is a 2012 server.
The two additional DCs are 2012 R2.

Is there a difference in support of STARTTLS or LDAPS between 2012 and 2012 R2?

Author commented:
Hi

Read up on this a bit more.
As far as I get it, our PDC gets a certificate and LDAPS enabled automatically as it has the CA role.

Additional domain controllers need to request the certificate "Domain Controller Authentication" into Certificates -> Personal -> Certificates.

What I'm wondering now: will this change the behavior in how our DCs authenticate, or will it just enable LDAPS as an additional option?

Regards.
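A check a practitioner can run on each DC to confirm that an LDAPS-capable certificate is actually in the machine Personal store and that port 636 completes a TLS handshake. This is an added PowerShell example, not from the thread or from Fortinet; it assumes it runs on the DC itself (or on a domain member that trusts the CA for the handshake part) and that $DcFqdn is the DC's FQDN.

```powershell
# Added example: verify LDAPS prerequisites on a domain controller.
# Assumes rights to read Cert:\LocalMachine\My and network access to port 636.
param(
    [string]$DcFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
)

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU required for LDAPS

# Candidate certificates: machine Personal store, private key present, currently valid,
# Server Authentication EKU, and the DC's FQDN in the subject or SAN.
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    $_.NotBefore -lt (Get-Date) -and
    ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $serverAuthOid }) -and
    ($_.DnsNameList.Unicode -contains $DcFqdn -or $_.Subject -like "*CN=$DcFqdn*")
}

if (-not $candidates) {
    Write-Warning "No LDAPS-capable certificate found in LocalMachine\My for $DcFqdn."
    Write-Warning "Enroll the 'Domain Controller Authentication' template from the enterprise CA."
} else {
    $candidates | Select-Object Subject, Thumbprint, NotAfter, Issuer | Format-Table -AutoSize
}

# TLS handshake on 636, validating the chain the way a Windows client would
# (the FortiGate validates against the CA certificate imported into it instead).
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($DcFqdn, 636)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
    $ssl.AuthenticateAsClient($DcFqdn)
    $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "LDAPS handshake OK: {0} presented {1} (expires {2})" -f $DcFqdn, $remote.Subject, $remote.NotAfter
    $ssl.Dispose()
} catch {
    Write-Warning "LDAPS handshake to ${DcFqdn}:636 failed: $($_.Exception.Message)"
} finally {
    $client.Dispose()
}
```

Run it against each of the three DCs; a DC that reports no candidate certificate matches the "Server error: <empty>" symptom seen in LDP.exe, while a failed handshake with a certificate present points at trust or name mismatch on the client side.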
Architect
CERTIFIED EXPERT
Distinguished Expert 2019
Commented: