DCE connect to AD via ssl error

DCIM_Support · ‎2020-07-05

Hello

How I can fix the following error during connect from DCE to AD via security port ?

30/19 10:44:05.430 ERRR - Error connecting to LDAP server ldap://10.1.1.1:636/:javax.naming.ServiceUnavailableException: 10.1.1.1:636; socket closed
(com.netbotz.server.services.usergroup.impl.LdapAuthServer)
6/30/19 10:44:05.430 ERRR - Cannot bind to LDAP server at "10.1.1.1" with supplied DN and password
(com.netbotz.server.services.usergroup.controllers.RemoteAuthController)
6/30/19 10:44:14.965 ERRR - Error connecting to LDAP server ldaps://10.1.1.1:636/:javax.naming.CommunicationException: 10.1.1.1:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
(com.netbotz.server.services.usergroup.impl.LdapAuthServer)
6/30/19 10:44:14.965 ERRR - Cannot bind to LDAP server at "10.1.1.1" with supplied DN and password
(com.netbotz.server.services.usergroup.controllers.RemoteAuthController)

DCIM_Support · ‎2020-07-05

Hi Boris,

Have you added the AD cert to DCE? If not, that would explain the error stating it is unable to find the cert.

What version of DCE are you using?

What version AD?

Do you know the version of TLS the AD system is using.

Does the configuration work if you configure it without SSL?

Steve.

DCIM_Support · ‎2020-07-05

The version of the DCE 7.5

How I can add cert to DCE . That will be automatically when I connect to domain controller of the domain .

DCIM_Support · ‎2020-07-05

Hi Boris,

When adding a cert for communications with any external system (e-mail, AD, even NetBotz), go to the System menu, Then Server Administration Settings, then Server SSL certificates:

Here you can add the certs for external system communications.

Steve

DCIM_Support · ‎2020-07-05

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.