LDAPs between Linux and Windows 2008r2
I have a Windows 2003 DC that is a CA. It created its own root and server cert. I have a Linux web server that connects via LDAPS to make changes to the AD (management application for setting up users etc.); all this works fine. I want to have redundancy, though. I want to have a secondary LDAP server for the web server to look to in case something happens to the first one. I set up a new Windows 2008 R2 box and joined the domain, DCPROMOed it, and made sure everything is replicating. I then went to the http://<first_DC>/certsrv site and requested a server authentication cert. I got this and installed it.

The web server cannot bind via port 636 to the new DC. The port is open; it is not a firewall issue.

Can someone please tell me if I did something wrong? How do I get this working?
December 9th, 2009 10:34pm
Hi SpawarTMS,

As far as I understood, you are trying to make changes to the new Windows 2008 R2 AD, which is failing. Where have you stored the certificate? Can you run the command below to check the validity of the certificate against the installed one?

Certutil.exe -isvalid SerialNumber

What is the error message you are receiving while trying to modify the AD on Windows 2008 R2?
December 10th, 2009 5:14am
I am not making changes to AD. I added a new domain controller to my existing domain. The new domain controller is 2008 R2. I want to be able to make secure LDAP connections to it from my Linux web server. I cannot bind.

The certificate that I generated on my local CA is stored in the local computer account's Personal store. I ran the command and it came back valid. I am not getting any errors except that the Linux box says it cannot bind. I ran a PortQry and 636 is listening.
December 10th, 2009 4:14pm
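The thread stops at "636 is listening but the bind fails", which is exactly the point where the Linux side can tell you more than PortQry does: whether the new DC presents a certificate at all on 636, whether that certificate has the properties a DC needs for LDAPS (the Server Authentication EKU, and a name that matches the FQDN the client connects to), and whether it chains to the 2003 CA's root that the web server already trusts for the first DC. The script below is an added example written for this page, not code from either poster; the hostname dc2.example.local, the file ca-root.pem (the root exported from the 2003 CA) and the bind DN in the usage comment are assumptions. It is written for the Linux web server, where the bind is failing, and needs only openssl and the OpenLDAP client tools.

```sh
#!/bin/sh
# Added example (not from the thread): LDAPS checks run from the Linux client
# against a DC that should be serving TLS on 636.
# Assumptions: dc2.example.local is the new 2008 R2 DC, ca-root.pem is the root
# certificate of the 2003 CA that the web server already trusts.

# Pull the leaf certificate the DC actually presents on 636 and save it as PEM.
# An empty result with the port open usually means Schannel found no usable
# certificate to offer, so the TLS handshake fails before LDAP ever starts.
fetch_ldaps_cert() {
    host=$1; out=$2
    openssl s_client -connect "$host:636" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$out" 2>/dev/null
    [ -s "$out" ]
}

# Check the two properties a DC certificate must have for LDAPS:
#  - the Server Authentication EKU (1.3.6.1.5.5.7.3.1)
#  - a name matching the FQDN the client connects to (SAN DNS entry, or the
#    CN when the certificate has no SAN), checked with OpenSSL's own matcher.
check_ldaps_cert() {
    pem=$1; fqdn=$2
    if ! openssl x509 -in "$pem" -noout -text 2>/dev/null \
            | grep -q 'TLS Web Server Authentication'; then
        echo "FAIL: $pem lacks the Server Authentication EKU" >&2
        return 2
    fi
    if ! openssl x509 -in "$pem" -noout -checkhost "$fqdn" 2>/dev/null \
            | grep -q 'does match'; then
        echo "FAIL: $pem does not carry the name $fqdn" >&2
        return 3
    fi
    return 0
}

# Confirm the DC certificate chains to the CA root the client trusts.
# $1 = CA root PEM, $2 = certificate fetched from the DC.
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# A real bind over LDAPS with the CA pinned through LDAPTLS_CACERT; -d 1 makes
# the OpenLDAP client print the TLS step that fails instead of a bare
# "Can't contact LDAP server". Prompts for the bind password.
# $1 = CA root PEM, $2 = DC FQDN, $3 = bind DN.
ldaps_bind_test() {
    LDAPTLS_CACERT=$1 ldapsearch -d 1 -H "ldaps://$2" -D "$3" -W \
        -b "" -s base defaultNamingContext
}

# Usage (run the steps in this order; the first one that fails is the problem):
#   fetch_ldaps_cert dc2.example.local /tmp/dc2.pem &&
#   check_ldaps_cert /tmp/dc2.pem dc2.example.local &&
#   verify_chain ca-root.pem /tmp/dc2.pem &&
#   ldaps_bind_test ca-root.pem dc2.example.local 'CN=svc-web,OU=Service,DC=example,DC=local'
```

The order matters: if fetch_ldaps_cert returns nothing, the DC side is at fault and the Linux configuration is irrelevant; on the DC that means the certificate with those properties must sit in the Local Computer Personal store with its private key, and a 2008 R2 DC does not always re-read that store immediately, so a restart of the DC (or of the AD DS service) after installing the certificate is worth trying before anything else. If the fetch works but check_ldaps_cert or verify_chain fails, the certificate request was made with the wrong template or name, or the client's CA file does not contain the 2003 root. Only if all three pass is a failing ldaps_bind_test a credentials or ldap.conf problem rather than a TLS one.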