Servers:
DALCON2 (Windows 2008R2, DC, NPS)
DALCON3 (Windows 2008R2, DC)
DALCON-WWW (Ubuntu server)
Goal: from DALCON-WWW, using adLDAP with TLS to connect to a domain controller LDAP service.
If I connect to DALCON2, I get: Server returned an error: [2] ldap_start_tls(): Unable to start TLS: Server is unavailable. If I connect to DALCON3, it works.
DALCON2 has a Network Policy Service (NPS) enabled to manage VPN connections. Nothing is specifically "denied" in the policies. The LDAP port is open and will respond if not using TLS, but it's unusable (stronger authentication required). I didn't find anything related to LDAP or TLS in NPS.
What might be wrong with DALCON2 that I can't connect to it?
Edit:
I got more debug info:
Warning: ldap_start_tls(): Unable to start TLS: Server is unavailable in /var/www/dalcon-inc.com/dev/test/test_ldap.php on line 12
Error Binding to LDAP: 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1
Edit:
In the Group Policy Management Editor: Computer Configuration, Policies, Windows Settings, Security Settings, and Local Policies, and then click Security Options. In the right pane, double-click the Domain Controller: LDAP server signing requirements policy.
While setting it to "none":
DALCON2:
Plain: OK
SSL: Error Binding to LDAP: Error in the push function. / A TLS packet with unexpected length was received.
TLS: Warning: ldap_start_tls(): Unable to start TLS: Server is unavailable
DALCON3:
Plain: OK
SSL: OK
TLS: OK
Edit:
DALCON3 is an Exchange 2010 server with a valid SSL certificate.
Found it!
I had to install my SSL certificate in IIS on DALCON2. I exported it from DALCON3 in .pfx format and imported it back. iisreset, et voilà!
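The Plain / SSL / TLS matrix above, written as an added PHP diagnostic (not code from the question or from adLDAP): it surfaces the AD extended error that a bare ldap_error() hides (the "00002028 ... requires binds to turn on integrity checking" text) and shows which certificate, if any, a DC presents on 636, so a missing server certificate is visible before touching adLDAP. The credentials and the DC host names are placeholders.

```php
<?php
// Added diagnostic, not part of the original question or of adLDAP.
// 'plain' = cleartext bind on 389, 'ssl' = LDAPS on 636, 'tls' = StartTLS on 389.
function ldapProbe(string $host, string $user, string $pass, string $mode): string
{
    $uri = $mode === 'ssl' ? "ldaps://$host:636" : "ldap://$host:389";
    $ds  = ldap_connect($uri);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    if ($mode === 'tls' && !@ldap_start_tls($ds)) {
        return 'StartTLS failed: ' . ldap_error($ds);
    }
    if (!@ldap_bind($ds, $user, $pass)) {
        // AD puts its detailed reason (LdapErr: DSID-..., comment: ...) here.
        ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        return 'Bind failed: ' . ldap_error($ds) . ' [' . trim((string) $diag) . ']';
    }
    ldap_unbind($ds);
    return 'OK';
}

// Report the certificate a DC presents on 636. Verification is switched off
// here only so the probe can show an untrusted or self-signed certificate;
// the real adLDAP client should keep verification on.
function ldapsCertificateSummary(string $host): string
{
    $ctx  = stream_context_create(['ssl' => [
        'capture_peer_cert' => true, 'verify_peer' => false, 'verify_peer_name' => false,
    ]]);
    $sock = @stream_socket_client("ssl://$host:636", $errno, $errstr, 5,
                                  STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        return "no usable TLS listener on 636 ($errstr)"; // e.g. no cert installed
    }
    $params = stream_context_get_params($sock);
    $x = openssl_x509_parse($params['options']['ssl']['peer_certificate']);
    return sprintf('CN=%s, issued by %s, valid until %s',
        $x['subject']['CN'] ?? '?', $x['issuer']['CN'] ?? '?',
        date('Y-m-d', $x['validTo_time_t']));
}

// Placeholder account; DALCON2/DALCON3 are the DCs from the question.
foreach (['DALCON2', 'DALCON3'] as $dc) {
    echo "$dc: ", ldapsCertificateSummary($dc), PHP_EOL;
    foreach (['plain', 'ssl', 'tls'] as $mode) {
        echo "  $mode: ", ldapProbe($dc, 'svc-ldap@dalcon.local', 'secret', $mode), PHP_EOL;
    }
}
```

A DC that still lacks a server-authentication certificate shows up as "no usable TLS listener on 636" plus a StartTLS failure on 389, which matches the symptom the question started from.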