Hi,
I have a problem connecting to LDAP using LDP.exe on port 636. I'm new to certificate authentication.
I must take over the company domain and need to set up secure authentication between servers. On the DC there is a CA role installed. I managed to create a DC server certificate and test it with "certutil -verifystore my", and it shows the certificate is valid. I also put the DC server certificate in the Local Computer Personal store.
The CA certificate is installed in the Trusted Root Certification Authorities store.
Connecting with LDP.exe to port 389 goes through, but using 636, with or without the SSL checkbox, I get:
ld = ldap_sslinit(dc.mylab.local, 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to dc.mylab.local.
I checked the Local and DC default GPOs, and under Windows => Security Settings => Local Policies, "Domain controller: LDAP server signing requirements" is set to None (the same as Not Defined).
In Event Viewer I got this message:
Event ID: 36886
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.
netstat -a shows that the DC is listening on 0.0.0.0:636.
Am I missing something? I have read every topic regarding troubleshooting and configuring a DC to accept LDAPS over 636 SSL, but without success.
- Edited by JanisJ 16 hours 56 minutes ago
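Schannel event 36886 means the DC could not find a certificate in the Local Computer Personal store that it is willing to use as its default server credential. The documented requirements for a DC LDAPS certificate are: it sits in the Local Computer (not Current User) Personal store, it has a private key that the system can use, its Enhanced Key Usage includes Server Authentication (1.3.6.1.5.5.7.3.1), the DC's FQDN appears in the Subject CN or the Subject Alternative Name, and it chains to a root the DC trusts. The script below is an added example written for this post, not something from the original post or from Microsoft; it checks each certificate in the store against those requirements and then attempts a TLS handshake against port 636 with System.Net.Security.SslStream to see what Schannel actually serves (or whether it closes the connection, which is what ldp.exe reports as error 81). The hostname dc.mylab.local is taken from the post; the function names and output fields are this example's own. Run it in an elevated PowerShell prompt on the DC.

```powershell
# Added example, not from the original post: verify DC LDAPS certificate requirements
# in Cert:\LocalMachine\My and test a TLS handshake on port 636.
# $DcFqdn comes from the post; function names and fields below are this example's own.
$DcFqdn        = 'dc.mylab.local'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (Server Authentication EKU)

function Get-LdapsCandidateCert {
    param([string]$Fqdn)
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_
        # Enhanced Key Usage extension (OID 2.5.29.37); $null when the cert has none
        $ekuExt        = $cert.Extensions['2.5.29.37']
        $hasServerAuth = $ekuExt -and ($ekuExt.EnhancedKeyUsages.Value -contains $ServerAuthOid)
        # Name match: CN in the Subject, or a dNSName in the SAN
        # (DnsNameList is a script property added by the Cert: provider)
        $nameMatch = ($cert.Subject -match "CN=$([regex]::Escape($Fqdn))(,|$)") -or
                     ($cert.DnsNameList.Unicode -contains $Fqdn)
        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey      # no private key => unusable as a server credential
            ServerAuthEku = [bool]$hasServerAuth
            NameMatchesDc = $nameMatch
            ChainTrusted  = $cert.Verify()          # builds and validates the chain as this machine sees it
            NotExpired    = $cert.NotAfter -gt (Get-Date)
        }
    }
}

function Test-LdapsHandshake {
    param([string]$HostName, [int]$Port = 636)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever the server presents so we can inspect it;
        # trust is evaluated explicitly below via Verify(), not by this callback.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result = [pscustomobject]@{
            Handshake    = 'OK'
            Protocol     = $ssl.SslProtocol
            Subject      = $remote.Subject
            Issuer       = $remote.Issuer
            ChainTrusted = $remote.Verify()
        }
        $ssl.Dispose()
        $result
    } catch {
        # With no usable server credential (event 36886) Schannel closes the socket during
        # the handshake; that surfaces here as an IOException or AuthenticationException,
        # and in ldp.exe as "Error 81 = ldap_connect".
        [pscustomobject]@{ Handshake = 'FAILED'; Error = $_.Exception.Message }
    } finally {
        $client.Close()
    }
}

# Usage: first list what the store contains, then see what port 636 actually negotiates.
Get-LdapsCandidateCert -Fqdn $DcFqdn | Format-List
Test-LdapsHandshake -HostName $DcFqdn | Format-List
```

A certificate that shows True in every column is the one Schannel should pick up. The usual culprits when 36886 fires despite "certutil -verifystore my" reporting a valid certificate are HasPrivateKey = False (the certificate was imported without its key, or into the user's store instead of the machine's) and a missing Server Authentication EKU. If several certificates qualify and the wrong one is served, AD DS on Windows Server 2008 and later also consults the NTDS service's own Personal store (the Services\NTDS node in certlm.msc), which is the supported way to pin the certificate the directory service should use.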