Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

AD LDS SSL does not work [message #345701] Wed, 16 December 2009 08:36
hflocken, United States
Hi,

I'm currently trying to get SSL on AD LDS on W2K8 R2 x64 up and
running. I already have installed a certificate for the AD LDS service
account. When I use LDP.EXE on the local system, I can get an SSL
connection without any problem. When I use LDP.exe on a different W2K8
system, I can also get an SSL connection without any problems. So the
certificate is ok and the connection to the system works as well.

However, I need to create an SSL connection from a W2K3 system to my AD
LDS on W2K8. And this always fails. It also fails from a Java
application - this is the application that finally needs to access the AD
LDS system.

I looked at the AD LDS event log and found the following error
message:
Client network address:
192.168.105.10:4614
Protocol:
TCP

Additional Data
Error value:
2148074289 The client and server cannot communicate, because they do
not possess a common algorithm.
Internal ID:
c050707


When I look at the data that Wireshark captures, I can see an SSL v2
Client Hello, but afterwards the server terminates the connection. The
SSL v2 client hello contains a number of Ciphers, where at least some
should be known by the AD LDS system.

When I look at the captured data from the W2K8 system where the
connection works, I can see an SSL (not v2) handshake, that contains
some more ciphers (e.g. with AES, which are not present in the client
hello of the W2K3 system).

Can anybody give me a hint what I need to do in order to be able to use
SSL connections from the W2K3 system? Thanks a lot in advance!

Best regards
Holger


--
hflocken
------------------------------------------------------------------------
hflocken's Profile: http://forums.techarena.in/members/164532.htm
View this thread: http://forums.techarena.in/active-directory/1283021.htm

http://forums.techarena.in
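
An added example, not part of the original post: a small Python parser for comparing the two kinds of Client Hello described above (SSL v2 record format versus SSLv3/TLS record format) and listing which cipher suites only one client offers. The hello bytes and the suite selection are constructed samples, not the poster's capture, and `parse_client_hello` and `compare` are hypothetical helper names.

```python
import struct

# The event's error value written as an HRESULT: SEC_E_ALGORITHM_MISMATCH.
SEC_E_ALGORITHM_MISMATCH = 0x80090331  # == 2148074289

# Names for the suite codes used in the constructed samples below.
NAMES = {
    0x010080: "SSL_CK_RC4_128_WITH_MD5 (SSLv2-only)",
    0x000004: "TLS_RSA_WITH_RC4_128_MD5",
    0x000005: "TLS_RSA_WITH_RC4_128_SHA",
    0x00000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x00002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
# Constructed sample hellos (zeroed challenge/random), not taken from the thread.
V2_HELLO = bytes.fromhex("802501" "0301" "000c00000010"
                         "010080000004000005" "00000a") + bytes(16)
TLS_HELLO = (bytes.fromhex("1603010033" "0100002f" "0301") + bytes(32)
             + bytes.fromhex("00" "0008" "002f00350005000a" "0100"))

def parse_client_hello(data):
    """Return (record_format, offered_version, [cipher codes])."""
    if data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 record: 2-byte length with the high bit set, then msg type 1.
        major, minor, spec_len, _sid, _chal = struct.unpack_from(">BBHHH", data, 3)
        specs = data[11:11 + spec_len]
        # Cipher specs are 3 bytes each; TLS suites appear as 0x00 + 2-byte code.
        codes = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, spec_len, 3)]
        return "SSLv2", (major, minor), codes
    if data[0] == 0x16 and data[5] == 0x01:
        # SSLv3/TLS record (type 22) carrying a handshake message of type 1.
        major, minor = data[9], data[10]
        pos = 11 + 32                  # skip the 32-byte client random
        pos += 1 + data[pos]           # skip the session id
        (suite_len,) = struct.unpack_from(">H", data, pos)
        suites = data[pos + 2:pos + 2 + suite_len]
        codes = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, suite_len, 2)]
        return "SSLv3/TLS", (major, minor), codes
    raise ValueError("not a Client Hello")

def compare(hello_a, hello_b):
    """Return (suites offered in both hellos, suites offered only in hello_b)."""
    a, b = parse_client_hello(hello_a)[2], parse_client_hello(hello_b)[2]
    return [c for c in b if c in a], [c for c in b if c not in a]

if __name__ == "__main__":
    both, only_tls = compare(V2_HELLO, TLS_HELLO)
    print("offered by both:", [NAMES[c] for c in both])
    print("only in the TLS hello:", [NAMES[c] for c in only_tls])
```

To use it on real traffic, pass the TCP payload bytes of each Client Hello, exported from the capture, in place of the constructed samples.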