Java SSL not authenticating to 1 of 2 Domain Controllers

Our App Support team notified me that they have an app that uses SSL to authenticate against two Domain Controllers in a Trusted Forest environment, and now only 1 of the 2 is authenticating. This has worked in the past, and now it stopped.

Both DCs are running 2008 R2, as is the server running the Java app.

Both Domain Controllers have current and valid certs. I have exported the certs and the App Support team applied the certs via Keytool. Both certs appear exact: same CA, date, template (Domain Controller Authentication), Version (V3).

The error in the Java log is:

INFO Connecting to LDAPS://DC1.net:636 to authenticate user DomainUser
INFO Exception occurred contacting Ldap LDAPS://DC1.net:636
ERROR javax.naming.CommunicationException: simple bind failed: DDC1.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
INFO  Connect to second server LDAPS://DC2.net:636
DEBUG Looking up user in XXXXXX database
DEBUG user logged on successfully

May 28th, 2015 2:03pm
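
Added example, not part of the original post: a small Java diagnostic that records the certificate chain an LDAPS endpoint presents during the handshake and runs the same PKIX validation against a chosen truststore, so the presented chain can be compared with what was imported via Keytool. The class name, the truststore path and the password argument are assumptions; the host and port are the ones from the log above.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class, not from the post). Arguments are assumptions:
//   java LdapsChainCheck DC1.net 636 /path/to/truststore <truststore-password>
public class LdapsChainCheck {
    public static void main(String[] args) throws Exception {
        // Load the same truststore file the application is configured to use.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[2])) {
            ts.load(in, args[3].toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        final X509TrustManager pkix = (X509TrustManager) tmf.getTrustManagers()[0];
        // Wrapper: record the chain the server sends, then delegate to the real PKIX check.
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { pkix.checkClientTrusted(c, a); }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                seen[0] = c;
                pkix.checkServerTrusted(c, a);
            }
            public X509Certificate[] getAcceptedIssuers() { return pkix.getAcceptedIssuers(); }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        String result = "handshake OK: chain validates against " + args[2];
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake();
        } catch (SSLHandshakeException e) {
            result = "handshake FAILED: " + e.getMessage();
        }
        // Print what the server actually presented and whether each cert is in the truststore.
        for (int i = 0; seen[0] != null && i < seen[0].length; i++) {
            X509Certificate c = seen[0][i];
            System.out.println("[" + i + "] subject=" + c.getSubjectX500Principal()
                + "\n    issuer=" + c.getIssuerX500Principal()
                + "\n    notAfter=" + c.getNotAfter() + " serial=" + c.getSerialNumber().toString(16)
                + "\n    inTruststore=" + (ts.getCertificateAlias(c) != null));
        }
        System.out.println(result);
    }
}
```

Running it once per Domain Controller and comparing the printed serial, issuer and inTruststore values shows whether the certificate presented on port 636 is the one that was exported, and whether its issuer chain is present in the truststore.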
