Forum.Brain-Cluster.com: Brain Cluster Technical Forum
LDAPS not working [message #159393] Wed, 29 July 2009 10:13
Altria (United States), Junior Member, Messages: 14, Registered: July 2009
I cannot get ldaps to work on AD with workstations outside of the domain.
Within the domain, SSL connections using ldaps work fine.

I am not sure if I am doing this right, but let me present an overview:

1 Win2k3 Ent CA
2 Win2k3 DCs - serving the domain ab.local
These boxes can all make ldaps connections, tested via ldp.exe

Now, I am at a workstation that belongs to the domain ab.com. I imagine that the
name for the SSL connection is looking at a cert for ab.local, which cannot be
resolved from ab.com. Would I have to make ab.local an authoritative zone in
my DNS for ab.com in order for the workstation to recognize the SSL CN?

Also, on the CA side do I need to issue certs to both ab.com and ab.local
workstations?

TIA,
Altria
Re: LDAPS not working [message #159396 is a reply to message #159393] Wed, 29 July 2009 10:56
Joe Kaplan (United States), Member, Messages: 88, Registered: July 2009
It is probably just the case that you need to ensure that the root
certificate in your CA chain is configured as a trusted root on the external
workstation. It should have nothing to do with DNS.

Basically, when you use a Windows Enterprise CA, Windows takes care of
pushing out your root certificate to all your domain members for you, but it
can't do this automatically for external workstations. You need a better
PKI strategy to ensure this happens. If the machines are part of another AD
forest, you could distribute the root cert via GPO to them as one approach.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
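The check Joe describes, carried out on the ab.com workstation, as an added example in PowerShell (this is not code from either poster, and it uses .NET classes rather than the Win2k3-era tools in the thread). Test-LdapsChain opens a TLS session to the DC on 636 and reports why Windows would reject the server certificate; Install-EnterpriseRoot imports the root CA certificate exported from the enterprise CA into the machine's Trusted Root store. The DC name dc1.ab.local and the file path C:\pki\ab-root.cer are hypothetical and stand in for whatever the real environment uses.

```powershell
# Added example, not from the original thread. Run on the workstation outside
# the ab.local domain. Hypothetical names: dc1.ab.local (a DC), C:\pki\ab-root.cer
# (the enterprise root CA cert exported from the Win2k3 CA, DER or Base-64).

function Test-LdapsChain {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 636
    )
    # The callback records the policy result instead of aborting the handshake so
    # the reason for rejection can be shown. Diagnostics only: a real client must
    # never return $true unconditionally from this callback.
    $state = @{ Errors = $null }
    $handler = {
        param($sender, $cert, $chain, $errors)
        $state.Errors = $errors
        return $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$handler

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # The name passed here is what the certificate's subject/SAN is matched
        # against, so connect with the DC's FQDN, not an IP address or short name.
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            HostName     = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            PolicyErrors = $state.Errors   # SslPolicyErrors enum
        }
        $ssl.Dispose()
    } finally {
        $tcp.Close()
    }
}

function Install-EnterpriseRoot {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Requires an elevated prompt: LocalMachine\Root is the machine-wide store
    # that Schannel consults when it builds the server's certificate chain.
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    if ($root.Subject -ne $root.Issuer) {
        throw "Not a self-signed root certificate: $($root.Subject) (issued by $($root.Issuer))"
    }
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        $store.Add($root)   # no-op if a cert with the same thumbprint is already present
    } finally {
        $store.Close()
    }
    $root.Thumbprint
}

# Usage from the ab.com workstation (hypothetical names):
Test-LdapsChain -HostName 'dc1.ab.local'
Install-EnterpriseRoot -Path 'C:\pki\ab-root.cer'
Test-LdapsChain -HostName 'dc1.ab.local'
```

Read the PolicyErrors field of the first run: RemoteCertificateChainErrors means the chain does not end in a root the workstation trusts, which is the situation Joe diagnoses and which the second run should show cleared as None. RemoteCertificateNameMismatch is a different problem: the name used to connect is not the one in the DC's certificate, so connect with the FQDN the cert was issued for. The store import is equivalent to certutil -addstore Root C:\pki\ab-root.cer on an elevated prompt; for many machines in another forest, the same .cer goes into a GPO under Computer Configuration, Windows Settings, Security Settings, Public Key Policies, Trusted Root Certification Authorities, which is the GPO approach Joe mentions.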