Re: schannel failure between AD CA and NT Domain
From: D. Cross [MS] (vaq130@hotmail.com)
Date: 05/08/02
From: "D. Cross [MS]" <vaq130@hotmail.com> Date: Wed, 8 May 2002 09:55:44 -0700
Is the root CA certificate trusted on both the client and server machines?
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Paul Landry" <plandry@frametech.com> wrote in message news:OhRhVvg9BHA.2608@tkmsftngp07...
> Hi All,
> I have a test lab, which contains an Active Directory domain ( lab.frametech.com ).
> On the AD Controller for this domain ( Advanced Server 2000 SP2 + All Hotfixes as of today ), I have installed the Windows Certificate Authority.
> I am testing out LDAP connections to the AD on this machine.
> In non-secure mode, I can create an LDAP connection no problem, and retrieve info.
> In SSL mode, any client/server that is part of the AD can create a secure connection to retrieve info.
> Any client/server that is not part of the AD is unable to create an SSL connection.
> On a Win2KPro SP2 ( + all current Hotfixes ) client, the event log shows the following error.
> "Source : SChannel Event ID: 36876
> The certificate received from the remote server has not validated correctly.
> The error code is 0x80090327. The SSL connection request has failed. The
> attached data contains the server certificate."
> Looking in the MS knowledge-base I see KB Q288100, which was fixed in SP2.
> I've verified that the dll's mentioned are the same or newer than those mentioned in the KB article.
>
> The client connection problem seems to stem from the fact that the clients are in an NT 4.0 Domain ( FRAMETECH.LEB ). The NT 4.0 Domain Controller is SP6a + all current hot fixes. I have two-way trusts established between the FRAMETECH.LEB and lab.frametech.com domains.
> Also, all FRAMETECH.LEB Domain Users have Administrator Authority to the lab.frametech.com directory.
>
> From the FRAMETECH.LEB clients, I can request and install Certificates from the lab.frametech.com Certificate Server.
> I've set up the lab.frametech.com certificate authority as a Trusted CA, and all certificates, and revocation lists have appeared to install properly.
>
> However, I can not get an SSL connection to work between any machine outside of the lab AD.
>
> I also have an iPlanet 5.1 Directory Server, running on a Solaris box, for which I've issued certificates to, as well, with the same result.
> I had tried to run iPlanet on an NT 4.0 SP6a box, but anytime I tried to install a Certificate, issued by the lab AD, the NT box GPF's.
> But that's another bridge to burn.
> If I can get the cross-domain issue first, I can move on to the next problem.
>
> Anybody have any ideas on this one?
>
> Thanks
>
> Paul Landry
> QA/Test Lab Manager
> Framework Technologies Corp.