Our App Support team notified me that they have an app that uses SSL to authenticate against two Domain Controllers in a Trusted Forest environment, and now only one of the two is authenticating. This has worked in the past, and now it has stopped.
Both DCs are running 2008 R2, as is the server running the Java app.
Both Domain Controllers have current and valid certs. I have exported the certs and the App Support team applied the certs via keytool. Both certs appear identical: same CA, date and template (Domain Controller Authentication, version V3).
The error in the Java log is:
INFO Connecting to LDAPS://DC1.net:636 to authenticate user DomainUser
INFO Exception occurred contacting Ldap LDAPS://DC1.net:636
ERROR javax.naming.CommunicationException: simple bind failed: DDC1.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
INFO Connect to second server LDAPS://DC2.net:636
DEBUG Looking up user in XXXXXX database
DEBUG user logged on successfully
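An added diagnostic, not code from the original post or the app in question, that reproduces what the Java client does from the outside: it handshakes with each LDAPS endpoint trusting only the exported DC certificate, and compares the SHA-256 fingerprint of the leaf certificate the DC actually serves with the copy that was loaded into the keytool truststore. It assumes the truststore entries were exported back to PEM (for example with `keytool -exportcert -rfc`) as `dc1.pem` and `dc2.pem`; those file names, and the use of the same file as trust anchor, are assumptions for the example. Only the Python standard library is used.

```python
"""Added example: check what each DC serves on 636 against the exported cert.

Python's ssl module enforces the same two things the JDK's PKIX validator does:
the chain must end in a trust anchor from `cafile`, and the name must match.
A failure here is the Python counterpart of "PKIX path building failed".
"""
import hashlib
import socket
import ssl
from typing import Optional

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256 fingerprint, as keytool/openssl print it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pem_to_der(pem_text: str) -> bytes:
    """Decode the first PEM certificate block (e.g. a keytool -rfc export) to DER."""
    if PEM_HEADER not in pem_text or PEM_FOOTER not in pem_text:
        raise ValueError("no PEM certificate block found")
    return ssl.PEM_cert_to_DER_cert(pem_text)


def served_leaf_fingerprint(host: str, port: int, timeout: float = 5.0) -> Optional[str]:
    """Fetch the leaf certificate a server presents WITHOUT verifying it.

    Diagnostic only: this tells us what the DC is really sending, which may be a
    renewed (auto-enrolled) certificate rather than the one that was exported.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return sha256_fingerprint(tls.getpeercert(binary_form=True))
    except OSError:
        return None


def check_ldaps(host: str, port: int, cafile: Optional[str], timeout: float = 5.0) -> dict:
    """Handshake with host:port trusting only `cafile` (None = system store)."""
    result = {"host": host, "ok": False, "error": None, "leaf_sha256": None}
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                result["ok"] = True
                result["leaf_sha256"] = sha256_fingerprint(tls.getpeercert(binary_form=True))
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname rejected: record why, and what the server really sent.
        result["error"] = f"verify failed: {exc.verify_message}"
        result["leaf_sha256"] = served_leaf_fingerprint(host, port, timeout)
    except OSError as exc:  # SSLError is an OSError subclass; so are refused/timeout
        result["error"] = str(exc)
    return result


def diagnose(host: str, port: int, exported_pem_path: str) -> dict:
    """Compare the served leaf cert with the exported copy in the truststore."""
    with open(exported_pem_path, encoding="ascii") as fh:
        expected = sha256_fingerprint(pem_to_der(fh.read()))
    report = check_ldaps(host, port, cafile=exported_pem_path)
    report["expected_sha256"] = expected
    report["matches_exported"] = report["leaf_sha256"] == expected
    return report


if __name__ == "__main__":
    # Hostnames from the post; PEM file names are assumptions for this example.
    for dc_host, pem_file in (("DC1.net", "dc1.pem"), ("DC2.net", "dc2.pem")):
        print(diagnose(dc_host, 636, pem_file))
```

Reading the report: `matches_exported` false with a verify error means the DC is now presenting a different certificate from the one that was exported into the truststore (a renewed or re-enrolled cert, which on 2008 R2 happens silently through autoenrollment), so the truststore copy is stale; `matches_exported` true but still a verify error points at the chain (issuing CA not trusted) or at the name in the certificate not matching the name the client connects with.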