Question

Q: Cannot connect to LDAP SSL with Error 81 on server with CNAME interface

Error Encountered
Cannot connect to Internet Directory Service (LDAP) server: ldap.bar.com. Check your network connection or modify your Address Book settings

Set up
LDAP server ldap.bar.com is a Canonical name interface to server1.bar.com, which server1.bar.com serves the LDAP SSL service with server name "ldap.bar.com" in the SSL cert.

In Outlook Account setup, the server name is inputted as "ldap.bar.com", with proper authentication.

Issue
Cannot establish SSL connection to the server

Diagnosis
Already diagnosed with Ldp, with following result.
ld = ldap_sslinit("ldap.bar.com", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to ldap.bar.com.

Windows System Logs - Source: SChannel
The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is server1.bar.com. The SSL connection request has failed. The attached data contains the server certificate.

Answer

A:

Done further research and stumbled upon 

Win 7/2008 R2: http://support.microsoft.com/kb/2275950/en-us 
Win Vista/2008: http://support.microsoft.com/kb/2282241/en-us

While the hotfix cannot be installed for some reason for my case, after adding the registry as mentioned below the issue has been resolved.
  1. Start Registry Editor.
  2. Locate the following key in the registry: 
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP
  3. Create a new REG_DWORD value named UseHostnameAsAlias, and set the value to anything other than zero.
  4. Exit Registry Editor, and then restart the computer.
While this is not 100% what we are looking as a solution, this seems to be the best possible solution so far until MS release a fix on it.

Did this solve your problem?

Sorry this didn't help.



 
Question Info

Views: 12,834 Last updated: June 20, 2018 Applies to: