Verify Active Directory SSL

Verify Active Directory SSL

How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ?
 
The following URL has a nice write up about the Microsoft Tool called LDP.exe
http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm

You can download ldp.zip directly from here : http://www.computerperformance.co.uk/ScriptsGuy/ldp.zip

or copy from your Windows 2000 / 2003 Support Tools CD.

Microsoft says :
Verifying an LDAPS connection
After a certificate is installed, follow these steps to verify that LDAPS is enabled:

1. Start the Active Directory Administration Tool (Ldp.exe).
2. On the Connection menu, click Connect.
3. Type the name of the domain controller to which you want to connect.
a. You must use a proper DNS name for the SSL test to work.
4. Type 636 as the port number and check the SSL box
5. Click OK.

RootDSE information should print in the right pane, indicating a successful connection.


If you get an error saying, "Cannot open connection," LDP cannot establish a secure connection to the directory server. In this case, it's very likely that the server is not configured properly for LDAP over SSL. Verify the server name/IP address and port number. You can also use the Portqry tool to verify that the directory server is listening on the correct port.

The following LDP output (for server name dc01) indicates that the connection failed because the certificate used in the SSL connection cannot be trusted:
ld = ldap_sslinit("dc01", 636, 1);
Error <0x0> = ldap_set_option(hLdap,LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION3);
Error <0x51> = ldap_connect(hLdap, NULL);
Server error: {empty}
Error <0x51>: Fail to connect to dc01.

You can test connecting non ssl communication by unchecking the SSL box and changing the port to 389

The same ldp.exe program can also be used to test the connection to the Global Catalog.
Follow the same steps as before, but change the ports.
The Non SSL port for the global catalog is 3268
The SSL port for the global catalog is 3269

Another tool that is good for checking the SSL cert can be downloaded from here

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...

      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • Related Articles

      • How can I check if my Microsoft Active Directory Domain controller / LDAP Server has SSL ?

        The following URL has a nice write up about the Microsoft Tool called LDP.exe http://www.computerperformance.co.uk/w2k3/utilities/ldp.htm You can download ldp.zip directly from here : http://www.computerperformance.co.uk/ScriptsGuy/ldp.zip or copy ...

      • How to enable SSL for LDAP on Active Directory?

        Problem:  webNetwork requires SSL over LDAP connection. Cause:  To ensure best security possible, you will want "end-to-end" encryption.  This is only possible with encrypting the LDAP connection.  Without SSL over LDAP some features, such as ...

      • Convert PFX certificate to JKS keystore using KeyStore Explorer

        Issue: Can we import the wildcard SSL Certificate we already have on our IIS server(s)? Solution: Please see the following documentation on how to convert a PFX certificate, exported from an IIS server, to a Java JKS keystore. Once you have your new ...

      • Unable to Verify / Extend Schema

        On the console the customer sees : FATAL (05/09) 12:10:51 [com.stoneware.service.DirectoryManager]: Unable to verify/extend schema. javax.naming.CommunicationException: simple bind failed: 10.1.1.17:636 [Root exception is ...

      • SSL certificate installation - part 2

        Problem:  Need to create and add new wildcard SSL certificate to Unified Workspace server. Prerequisite(s): Completed part 1 Access to keystore password Solution(s):  Below instructions will walk you through process of placing a new keystore on ...