Forum.Brain-Cluster.com: Brain Cluster Technical Forum
LDAP over Secure Sockets Layer (SSL) will be unavailable at this t [message #156538] Thu, 18 June 2009 22:07
trnsfrmrsr
I've got a server 2008 read only domain controller (as well as a server 2008
DC). Running at server 2003 operational level. Recently I've noticed these
errors popping up in the logs.

LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
because the server was unable to obtain a certificate.

Additional Data
Error value:
8009030e No credentials are available in the security package

I've been searching around for a while now and I can't seem to find anything
related to this error and server 2008. Can anyone point me in the correct
direction?

Thanks,

Ryan
Re: LDAP over Secure Sockets Layer (SSL) will be unavailable at this t [message #156540 is a reply to message #156538] Thu, 18 June 2009 22:43
Joe Kaplan
I've seen this error previously with ADAM that happened as a result of
having a certificate deployed in multiple containers but with only one of
them associated with the certificate's private key and that not being a
container that the server account had access to. For AD, that seems weird
since it should have read access to any key (or file) on the system. It may
be that the key for the cert got removed though.

I'd check the certificates mmc snap-in to see what certs are in the personal
container local machine store and see if they have a private key to start.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"trnsfrmrsr" <trnsfrmrsr@discussions.microsoft.com> wrote in message
news:7DEB4AF8-7E0D-4FA6-BBE7-2AA47BB18027@microsoft.com...
> I've got a server 2008 read only domain controller (as well as a server
> 2008
> DC). Running at server 2003 operational level. Recently I've noticed these
> errors popping up in the logs.
>
> LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
> because the server was unable to obtain a certificate.
>
> Additional Data
> Error value:
> 8009030e No credentials are available in the security package
>
> I've been searching around for a while now and I can't seem to find
> anything
> related to this error and server 2008. Can anyone point me in the correct
> direction?
>
> Thanks,
>
> Ryan
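
The store check suggested in the reply above, scripted in PowerShell as an added example (not code from the thread or from any poster). Beyond the private-key check named in the post, it also tests the Server Authentication EKU, the FQDN match and the validity dates; those are assumptions taken from the general LDAPS certificate requirements, not from this thread, and the variable and property names are illustrative.

```powershell
# Added example, not from the thread. Run in an elevated session on the DC.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$SanOid        = '2.5.29.17'           # Subject Alternative Name extension
$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$Now  = Get-Date

$results = @(Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Assumed requirement: EKU lists Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = $false
    if ($eku) {
        $serverAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $ServerAuthOid }).Count -gt 0
    }

    # Assumed requirement: the DC's FQDN is the subject CN or a SAN DNS entry.
    $cn  = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    $sanText = ''
    if ($san) { $sanText = $san.Format($false) }   # e.g. "DNS Name=a.example, DNS Name=..."
    $nameOk = ($cn -ieq $Fqdn) -or
              ($sanText -match ('=\s*' + [regex]::Escape($Fqdn) + '\s*(,|$)'))

    $inDate = ($cert.NotBefore -le $Now) -and ($cert.NotAfter -ge $Now)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey      # the check suggested in the post
        ServerAuthEku = $serverAuth
        NameMatches   = $nameOk
        InValidity    = $inDate
        PassesChecks  = $cert.HasPrivateKey -and $serverAuth -and $nameOk -and $inDate
    }
})

if ($results.Count -eq 0) {
    Write-Warning "No certificates in Cert:\LocalMachine\My on $Fqdn."
} else {
    $results | Select-Object Subject, HasPrivateKey, ServerAuthEku, NameMatches,
        InValidity, PassesChecks, Thumbprint | Format-List
}
```

An empty store produces only the warning; a certificate with `HasPrivateKey` false corresponds to the missing-key case described in the post.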
Re: LDAP over Secure Sockets Layer (SSL) will be unavailable at th [message #156574 is a reply to message #156540] Fri, 19 June 2009 14:18
trnsfrmrsr
Thanks for your response, this puts me on the correct path, I'm looking at
the local cert store (personal) and I've got no certificates. Strange thing
is that when I bring up the request certificate, I'm told I can't request any
certificates (as domain admin?).

Strangely, my 2008 DC works fine with our Microsoft certificate authority.
And has no issue requesting certs.


"Joe Kaplan" wrote:

> I've seen this error previously with ADAM that happened as a result of
> having a certificate deployed in multiple containers but with only one of
> them associated with the certificate's private key and that not being a
> container that the server account had access to. For AD, that seems weird
> since it should have read access to any key (or file) on the system. It may
> be that the key for the cert got removed though.
>
> I'd check the certificates mmc snap-in to see what certs are in the personal
> container local machine store and see if they have a private key to start.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> "trnsfrmrsr" <trnsfrmrsr@discussions.microsoft.com> wrote in message
> news:7DEB4AF8-7E0D-4FA6-BBE7-2AA47BB18027@microsoft.com...
> > I've got a server 2008 read only domain controller (as well as a server
> > 2008
> > DC). Running at server 2003 operational level. Recently I've noticed these
> > errors popping up in the logs.
> >
> > LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
> > because the server was unable to obtain a certificate.
> >
> > Additional Data
> > Error value:
> > 8009030e No credentials are available in the security package
> >
> > I've been searching around for a while now and I can't seem to find
> > anything
> > related to this error and server 2008. Can anyone point me in the correct
> > direction?
> >
> > Thanks,
> >
> > Ryan
>
>
RE: LDAP over Secure Sockets Layer (SSL) will be unavailable at this t [message #156579 is a reply to message #156538] Fri, 19 June 2009 14:46
trnsfrmrsr
So I'm trying to use the certificate enrollment tool on the read only domain
controller. When I try to request a cert the error for all the templates is:

"the permissions on the certificate template do not allow for this type of
certificate. You do not have permissions to view this type of certificate"

I'm logged into the machine as the domain admin and this is still present.
This process works fine on all the "normal" DCs



"trnsfrmrsr" wrote:

> I've got a server 2008 read only domain controller (as well as a server 2008
> DC). Running at server 2003 operational level. Recently I've noticed these
> errors popping up in the logs.
>
> LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
> because the server was unable to obtain a certificate.
>
> Additional Data
> Error value:
> 8009030e No credentials are available in the security package
>
> I've been searching around for a while now and I can't seem to find anything
> related to this error and server 2008. Can anyone point me in the correct
> direction?
>
> Thanks,
>
> Ryan
Re: LDAP over Secure Sockets Layer (SSL) will be unavailable at this t [message #156582 is a reply to message #156579] Fri, 19 June 2009 18:06
Joe Kaplan
Unfortunately I'm not a WinCA guy at all (we use external certs for our DCs)
and I'm not an RODC guy either so I don't know any of the particulars
regarding how this is supposed to work. Maybe someone else will know.

Sorry!

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"trnsfrmrsr" <trnsfrmrsr@discussions.microsoft.com> wrote in message
news:A7D04F5A-83C0-439D-AD7C-517E08900EEB@microsoft.com...
> So I'm trying to use the certificate enrollment tool on the read only
> domain
> controller. When I try to request a cert the error for all the templates
> is:
>
> "the permissions on the certificate template do not allow for this type of
> certificate. You do not have permissions to view this type of certificate"
>
> I'm logged into the machine as the domain admin and this is still present.
> This process works fine on all the "normal" DCs
>
>
>
> "trnsfrmrsr" wrote:
>
>> I've got a server 2008 read only domain controller (as well as a server
>> 2008
>> DC). Running at server 2003 operational level. Recently I've noticed
>> these
>> errors popping up in the logs.
>>
>> LDAP over Secure Sockets Layer (SSL) will be unavailable at this time
>> because the server was unable to obtain a certificate.
>>
>> Additional Data
>> Error value:
>> 8009030e No credentials are available in the security package
>>
>> I've been searching around for a while now and I can't seem to find
>> anything
>> related to this error and server 2008. Can anyone point me in the correct
>> direction?
>>
>> Thanks,
>>
>> Ryan
Re: LDAP over Secure Sockets Layer (SSL) will be unavailable at this t [message #156586 is a reply to message #156579] Fri, 19 June 2009 19:02
aceman
"trnsfrmrsr" <trnsfrmrsr@discussions.microsoft.com> wrote in message
news:A7D04F5A-83C0-439D-AD7C-517E08900EEB@microsoft.com...
> So I'm trying to use the certificate enrollment tool on the read only
> domain
> controller. When I try to request a cert the error for all the templates
> is:
>
> "the permissions on the certificate template do not allow for this type of
> certificate. You do not have permissions to view this type of certificate"
>
> I'm logged into the machine as the domain admin and this is still present.
> This process works fine on all the "normal" DCs

I'm not sure how you've configured your CA/PKI, and there are many factors
regarding this that are too difficult and lengthy to explain in a post, and
would also require additional questions regarding if you are planning to use
autoenrollment, or if you've already configured it, GPOs, security settings
on the CA and the certificate template, etc, and please do keep in mind, I
have not worked with secure LDAP in this respect, and not sure how to assist
in this area if it doesn't work, but the one thing I do know is that you
will need the CA to be installed on Windows Enterprise Edition (2003 or
2008) in order to have the correct certificate template (v2.0) to use for
this purpose, or rather the certificate's purpose, autoenrollment, etc. CA
on a standard box doesn't work, unfortunately.

Ace