An Application using LDAP for Authentication - get Certificate Unknown - Errors

Anonymous
2024-04-09T19:21:25+00:00

We have an application integrated with LDAP for Authentication.
We have Secure LDAP configured and have exchanged Certificates.
We are seeing some relatively generic errors logged in the application, and a sniffer trace shows some errors:

We get a friendly Server Hello, then a Fatal - Certificate Unknown error.
This can happen once, twice or more, after which we do get a successful connection, the authentication request completes and life goes on...

Any idea on what might generate this condition?
Anywhere to look on the LDAP servers? (Should I be able to find someone over there to talk to???)

Thanks,

Don


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


9 answers

  1. Anonymous
    2024-04-11T15:34:01+00:00

    Hello Gary,

    The source and destination ports are there as part of the info column:

    Not obvious if you aren't familiar with packet capture traces, sorry.

    As we are using a Windows LDAP service, I was hoping I could get some information about what we might be able to *see* on the LDAP server side.
    (If we can ever get *there*.)

    One can always hope.
    Thanks,
    Don

  2. Anonymous
    2024-04-11T15:45:31+00:00

    Hello Don,

    Inside your green box, there are some lines that just contain "Alert (Level". How do you infer the direction of the message from that information?

    The server just provides the certificate and it is seemingly accepted by most of your clients. I am sure that no useful hints to the cause of the problem will be found on the server side.

    Gary

  3. Anonymous
    2024-04-11T19:41:14+00:00

    Very interesting, I'll check it out.

  4. Anonymous
    2024-04-12T15:19:29+00:00

    Hi Gary,

    If you would like to learn more about reading a Wireshark packet trace, this is a useful resource: https://wiki.wireshark.org/
    I would hope that if I am getting a "Fatal condition for Certificate Unknown" as a reply from the LDAP server, there would be some events logged to that effect on the server side.

    Don

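The thread turns on which side sent the fatal alert. As an added example (not code from any poster in this thread), the sketch below decodes a plaintext TLS alert record and attributes it to client or server from the TCP ports. It assumes the LDAP server listens on the standard LDAPS port 636; the sample bytes and the client port are constructed.

```python
import struct

LDAPS_PORT = 636  # assumption: standard LDAPS port, not stated in the thread

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Certificate-related subset of the TLS alert descriptions (RFC 5246 / RFC 8446)
ALERT_DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
}

def parse_tls_alert(payload: bytes):
    """Decode a plaintext TLS alert record; return None for anything else."""
    if len(payload) < 7:
        return None
    content_type, _version, length = struct.unpack("!BHH", payload[:5])
    # 21 = alert record; a plaintext alert body is exactly 2 bytes.
    # Alerts sent after encryption starts are longer and cannot be decoded here.
    if content_type != 21 or length != 2:
        return None
    level, desc = payload[5], payload[6]
    return (ALERT_LEVELS.get(level, f"level_{level}"),
            ALERT_DESCRIPTIONS.get(desc, f"alert_{desc}"))

def alert_sender(src_port: int, dst_port: int, server_port: int = LDAPS_PORT) -> str:
    """The endpoint whose source port is the service port is the server."""
    if src_port == server_port:
        return "server"
    if dst_port == server_port:
        return "client"
    return "unknown"

def describe(src_port: int, dst_port: int, payload: bytes):
    """Summarise one captured TCP payload, or None if it is not a plaintext alert."""
    alert = parse_tls_alert(payload)
    if alert is None:
        return None
    level, desc = alert
    return f"{alert_sender(src_port, dst_port)} sent {level} {desc}"

# Constructed sample: TLS 1.2 alert record, level 2 (fatal), description 46
SAMPLE = bytes.fromhex("1503030002022e")

if __name__ == "__main__":
    print(describe(51514, LDAPS_PORT, SAMPLE))  # 51514 is a constructed client port
```

An alert attributed to the client means the client rejected the certificate the server presented, which points at the client's trust store rather than the server's logs.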