You cannot reach a Domain Controller on port 636 with the IP Address using LDP.exe (814662)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server

SYMPTOMS

When you try to access the Active Directory with LDP.exe using SSL (LDAP over port 636), you cannot use the IP address of the domain controller; you have to use the name (either host name or FQDN).

CAUSE

This problem occurs because on the client side the system compares the name stored in the certificate ("Subject" and "Subject Alternative Name" fields) with the name specified for the connection (here the IP address). Because they do not match, authentication fails and the client gets an error.

RESOLUTION

Instead of using the IP address to reach the domain controller, use its name (either host name or FQDN).

STATUS

This behavior is by design.

MORE INFORMATION

With Schannel.dll event logging set to high, you can see the following event:

Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36884
Date: 11/02/2003
Time: 11:11:00
User: N/A
Computer: WORKSTATION
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is 192.168.0.1. The SSL connection request has failed. The attached data contains the server certificate.

To activate verbose mode in event logging for Schannel.dll, you may need to get the checked version of Schannel.dll from Microsoft support.
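
The following Python sketch is an added example, not part of the original article or any Microsoft tool. It triages Schannel Event ID 36884 records by the "server name we were expecting" value, separating clients that connected by IP address (the by-design case described here) from clients that used a host name the certificate does not contain. The record layout, function names, and the second and third sample records are assumptions constructed for illustration.

```python
import ipaddress
import re

# Phrase taken from the Event ID 36884 description quoted in the article.
EXPECTED_RE = re.compile(r"server name we were\s+expecting is\s+(\S+?)\.(?:\s|$)")

def expected_name(description):
    """Return the server name the client expected, or None if not found."""
    m = EXPECTED_RE.search(description)
    return m.group(1) if m else None

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def triage(events):
    """Classify Schannel 36884 events by the name the client connected with."""
    findings = []
    for ev in events:
        if ev["source"] != "Schannel" or ev["id"] != 36884:
            continue
        name = expected_name(ev["description"])
        if name is None:
            verdict = "unparsed"
        elif is_ip_literal(name):
            verdict = "connected-by-ip"  # the by-design failure in this article
        else:
            verdict = "name-mismatch"    # name used is absent from the certificate
        findings.append((ev["computer"], name, verdict))
    return findings

# Constructed sample records; the dict layout is an assumption.
_HEAD = ("The certificate received from the remote server does not contain "
         "the expected name. It is therefore not possible to determine whether "
         "we are connecting to the correct server. The server name we were "
         "expecting is ")
SAMPLE = [
    {"source": "Schannel", "id": 36884, "computer": "WORKSTATION",
     "description": _HEAD + "192.168.0.1. The SSL connection request has failed."},
    {"source": "Schannel", "id": 36884, "computer": "WORKSTATION2",
     "description": _HEAD + "dc01.corp.example. The SSL connection request has failed."},
    {"source": "ExampleSource", "id": 1000, "computer": "WORKSTATION2",
     "description": "constructed unrelated event"},
]
print(triage(SAMPLE))
```
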

Modification Type: Major
Last Reviewed: 5/21/2003
Keywords: kbCertServices kbinfo kbActiveDirectory KB814662