System Event ID 36876 When Using LDAP SSL Query of the Active Directory (254610)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q254610

SYMPTOMS

When you attempt to perform Active Directory LDAP queries using a secure connection (SSL), you may receive the following error message:
There are no entries in the directory service that match your search criteria.
Also, the following error message may be added to the System Event Log:


Type: Error
Event ID: 36876
Category: None

The certificate received from the remote server has not validated correctly. The error code is 0x80090322. The SSL connection has failed. The attached data contains the server certificate.

CAUSE

This issue can occur if the Active Directory Account Properties are missing or incorrectly configured.

RESOLUTION

To resolve this issue, view and correct the Active Directory properties:
  1. Click Start, point to Programs, point to Accessories, and then click Address Book.
  2. On the Tools menu, click Accounts.
  3. Click Active Directory, and then click Properties.
  4. In the Server name box, type the fully qualified name for the computer that contains the Active Directory. For example, type the name using the following syntax

    computername.domain.com

    where computername is the name of your computer, domain is the name of your domain, and com is the extenstion of your domain.
    If the server requires you to log on, click to select the This server requires me to log on check box, and then type the account name and password in the Account name and Password boxes.
  5. On the Advanced tab, click the This server requires a secure connection (SSL) check box to enable secure LDAP queries.

    NOTE: SSL communications use port 636.
  6. In the Search base box, type the domain name and extension using the following syntax:

    DC=domain,DC=com

  7. Click OK to apply the changes.

MORE INFORMATION

For additional information about configuring clients for Active Directory searches, click the article number below to view the article in the Microsoft Knowledge Base:

238007 How to Configure Address Book to Query Users in Active Directory



For additional information about how to enable Secure Socket Layer (SSL) communication over LDAP, click the article number below to view the article in the Microsoft Knowledge Base:

247078 How To Enable Secure Socket Layer (SSL) Communication Over LDAP

Modification Type:MajorLast Reviewed:11/20/2003
Keywords:kbenv kberrmsg kbnetwork kbprb KB254610
©2003 Microsoft Corporation. All rights reserved.