How to fix "The Certificate CN name does not match the passed value" while configuring LDAPS.

Moiez Liaquat 0 Reputation points
2023-07-18T09:28:50.9666667+00:00

I am trying to configure LDAPS in a Windows Server 2016 test environment. I have followed the following guide to configure LDAPS: https://techcommunity.microsoft.com/t5/sql-server-blog/step-by-step-guide-to-setup-ldaps-on-windows-server/ba-p/385362 But the problem is that I am getting the following error while trying to connect on port 636 using ldp.exe after following the guide.

User's image

My computer's FQDN is given below.

User's image


1 answer

  1. Limitless Technology 44,541 Reputation points
    2023-07-19T12:27:18.9866667+00:00

    Hello Moiez,

    Thank you for your question and for reaching out with your question today.

    The error message "Server Down. Error 81. Server Down" in LDP.exe typically indicates that the LDAPS connection is not successful. Here are some common issues and troubleshooting steps you can follow:

    1. Check LDAP over SSL (LDAPS) Configuration: Verify that you have correctly configured LDAPS on the server by following the steps in the guide you mentioned. Double-check the certificate configuration, binding settings, and firewall rules.
    2. Verify Certificate: Ensure that the certificate used for LDAPS is valid and trusted. The certificate should be issued by a trusted Certification Authority (CA) and should match the FQDN of the LDAP server.
    3. Check Port and Firewall Settings: Ensure that the port 636 is open and accessible on the server. Verify that there are no firewall rules blocking the LDAPS traffic.
    4. Check DNS Settings: Ensure that the DNS records for the server are correct, and the FQDN you are using to connect matches the server's actual FQDN.
    5. Check Server Health: Make sure that the LDAP service is running and the server is in good health. Check the event logs for any related errors or issues.
    6. Verify LDP.exe Settings: Double-check the LDP.exe settings to make sure you are connecting to the correct server and port (636). Verify that the connection settings in LDP match your LDAPS configuration.
    7. Certificate Chain: If the LDAPS certificate has an intermediate CA certificate, ensure that the intermediate CA certificate is correctly installed on the server.
    8. Use Port Query Tool: You can use the "PortQry" tool or other network testing tools to check if port 636 is open and reachable from your client machine.
    9. Verify Network Connectivity: Ensure there are no network connectivity issues between your client and the server. You can use "ping" or other network troubleshooting tools to check connectivity.
    10. Restart Services: After making any changes to LDAPS configuration, consider restarting the LDAP service on the server to apply the changes.

    If you have tried all the troubleshooting steps and still cannot establish a successful LDAPS connection, it's possible that there might be a more specific issue with your configuration. In such cases, I recommend checking the event logs on the server for any errors or seeking assistance from a Windows Server expert or Microsoft Support to help you diagnose and resolve the issue.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.
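
The certificate and name checks in items 2 and 4 of the answer can be run directly against port 636. The script below is an added example, not part of the original thread: `dc01.example.test` is a constructed placeholder for the host name typed into ldp.exe, and the validation callback accepts any certificate only so that a mismatching one can still be inspected. Save it as a `.ps1` file and run it from the client that fails to connect.

```powershell
# Added example, not from the thread. 'dc01.example.test' is a constructed
# placeholder: pass the exact host name you type into ldp.exe.
param(
    [string]$Server = 'dc01.example.test',
    [int]$Port = 636
)

# Diagnostic callback: record what .NET's validation found, then let the
# handshake finish so that a mismatching certificate can still be inspected.
# Do not reuse this accept-everything callback for real LDAPS binds.
$script:policyErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($origin, $certificate, $chain, $errors)
    $script:policyErrors = $errors
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The name passed here is the one the certificate is validated against.
    $ssl.AuthenticateAsClient($Server)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $tcp.Close()
}

$nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]
$sslErrors = [System.Net.Security.SslPolicyErrors]
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }  # enhanced key usage

[pscustomobject]@{
    ConnectedAs     = $Server
    SubjectCN       = $cert.GetNameInfo($nameType::SimpleName, $false)
    SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
    NotBefore       = $cert.NotBefore
    NotAfter        = $cert.NotAfter
    # 1.3.6.1.5.5.7.3.1 is the Server Authentication EKU.
    ServerAuthEku   = [bool]($eku -and ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.1'))
    NameMismatch    = [bool]($script:policyErrors -band $sslErrors::RemoteCertificateNameMismatch)
    ChainErrors     = [bool]($script:policyErrors -band $sslErrors::RemoteCertificateChainErrors)
} | Format-List
```

`NameMismatch : True` means none of the names in the certificate matches `ConnectedAs`; compare `SubjectCN` and `SubjectAltNames` with the server's FQDN to see which side has to change.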
