External connection to Domain Controller - Secure LDAP 636

I have a domain controller with secure LDAP available on port 636.

However, we have internal DNS for our outside domain set up to be remoteDC.ourdomain.com.
That hostname is set to direct to the internal IP and is opened through the external firewall to allow connection into the internal Domain Controller.

Using LDP.exe internally I can connect to remoteDC.ourdomain.com, but externally I cannot, even though firewall rules are there to allow it.

Would this have to do with any certificates or the remotedc.ourdomain.com not matching the internal domain controller called DC01?
garryshape Asked:

Amit (IT Architect) Commented:
What tool are you using to check from outside? You basically need to use ldaps when using 636.

Or use ldap explorer.
http://ldaptool.sourceforge.net/
garryshape (Author) Commented:
It's a third-party tool that has LDAPS connectivity built in.
I just don't know if lack of having the certificate locally on the non-domain computer would prevent any connection at all.
Amit (IT Architect) Commented:
If you are able to connect via ldp, that rules out a cert issue. Focus on the firewall. Make sure 636 is allowed.
garryshape (Author) Commented:
Yeah, internally I can, but users externally, who are permitted via an IP block rule, cannot.
garryshape (Author) Commented:
Yeah, it was firewall related; networking dept. had to fix it.
Didn't think it'd be complicated on the Windows side of things...
Active Directory

Question has a verified solution.
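
An added example, not part of the original thread: a Python probe that separates the two causes discussed above, a blocked port 636 versus a certificate name or trust problem, by reporting the layer at which the LDAPS connection fails. The function name `probe_ldaps`, the stage labels and the `cafile` usage are assumptions made for this example; the default hostname is the one from the question.

```python
import socket
import ssl
import sys

# Stage labels and hints are this example's own wording, not tool output.
HINTS = {
    "tcp": "name did not resolve or port not reachable: check DNS, firewall/NAT, routing",
    "tls": "port open but no TLS handshake: is LDAPS actually served on this port?",
    "certificate": "reached the server, but its certificate was rejected (name or trust)",
    "ok": "TCP, TLS and certificate validation all succeeded",
}

def probe_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Return (stage, detail) naming the layer where an LDAPS connection stops.

    cafile: optional PEM file of the issuing CA, needed on a non-domain
    machine when the DC certificate comes from an internal CA (assumption).
    """
    # Layer 1: plain TCP. A firewall drop shows up here as a timeout,
    # a reject as "connection refused"; certificates are not involved yet.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"{type(exc).__name__}: {exc}")

    # Layer 2: TLS with full validation, including the hostname check that
    # would fail if the certificate only names the DC's internal FQDN.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return ("ok", f"{tls.version()}; certificate DNS names: {sans}")
    except ssl.SSLCertVerificationError as exc:
        return ("certificate", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"{type(exc).__name__}: {exc}")

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "remoteDC.ourdomain.com"
    stage, detail = probe_ldaps(target)
    print(f"{target}:636 -> {stage}: {HINTS[stage]}\n  {detail}")
```

Run from the external client, a `tcp` result points at the network path, while `certificate` means the port is open and the problem is the name or trust chain.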
