LDAPS between domain controller and ISA 2006 failing.
LDAPS between domain controller and ISA 2006 failing. - 24.Feb.2012 12:12:39 PM
I have a single-homed ISA server in a DMZ. I've opened up all the ports needed, but I cannot seem to LDAPS-auth to my domain controller.
The firewall is not blocking any ports.
I read this article about running netmon and looking at the TLS handshake.
Troubleshooting Forms Base Authentication using Secure LDAP Authentication on ISA Server 2006
About halfway down the page it shows a correct transmission, but it is expired.
I think my problem is that it's requesting the wrong certificate.
When the ISA communicates with the domain controller, it's supplying the domain controller's certificate.
What do I need to do to resolve the problem?
Frame: Number = 46, Captured Frame Length = 1434, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-0D-56-6F],SourceAddress:[00-02-B3-E8]
+ Ipv4: Src = 192.168.xxx.xx, Dest = 192.168.xxx.xxx, Next Protocol = TCP, Packet ID = 32567, Total IP Length = 1420
+ Tcp: Flags=...A...., SrcPort=ldap protocol over TLS/SSL (was sldap)(636), DstPort=1208, PayloadLen=1380, Seq=1604438344 - 1604439724, Ack=2229901823, Win=65454 (scale factor 0x0) = 65454
TLSSSLData: Transport Layer Security (TLS) Payload Data
- TLS: TLS Rec Layer-1 HandShake: Server Hello. Certificate.
- TlsRecordLayer: TLS Rec Layer-1 HandShake:
+ Version: TLS 1.0
Length: 5280 (0x14A0)
- SSLHandshake: SSL HandShake Certificate(0x0B)
Length: 77 (0x4D)
+ ServerHello: 0x1
Length: 1396 (0x574)
- Cert: 0x1
CertLength: 1393 (0x571)
CertificateLength: 1390 (0x56E)
- X509Cert: Issuer: XXX,xxx,local, Subject: dc2.xxx.local
- TbsCertificate: Issuer: XXX,xxx,local, Subject: dc2.xxx.local
+ Version: v3 (2)
+ SerialNumber: 0x1e2b106e000000000029
+ Signature: Sha1WithRSAEncryption (1.2.840.1135126.96.36.199)
+ Issuer: XXX,xxx,local
+ Validity: From: 08/27/11 21:14:27 UTC To: 08/26/12 21:14:27 UTC
+ Subject: dc2.xxx.local
+ SubjectPublicKeyInfo: RsaEncryption (1.2.840.1135188.8.131.52)
+ SignatureAlgorithm: Sha1WithRSAEncryption (1.2.840.1135184.108.40.206)
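Added example, not part of the post above: a Python checker that applies the standard TLS server-certificate checks (validity window, name match against the name the client was configured to connect with) to a certificate dict in the layout `ssl.SSLSocket.getpeercert()` returns, filled in from the trace above, plus a live fetch that lets the TLS library verify chain trust as well. Assumes Python 3 standard library only; the sample certificate values and issuer name are constructed from the redacted trace.

```python
import socket
import ssl

# Constructed sample in the layout ssl.SSLSocket.getpeercert() returns,
# filled in from the (redacted) certificate fields in the netmon trace above.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc2.xxx.local"),),),
    "issuer": ((("commonName", "XXX"),),),
    "subjectAltName": (("DNS", "dc2.xxx.local"),),
    "notBefore": "Aug 27 21:14:27 2011 GMT",
    "notAfter": "Aug 26 21:14:27 2012 GMT",
}

def cert_names(cert):
    """DNS names the cert is valid for: SAN entries, else the subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return sans or [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]

def check_ldaps_cert(cert, expected_host, now):
    """Offline part of standard TLS server-cert validation.
    expected_host: the name the client connects with (an IP address or
                   NetBIOS name will never match a cert issued to the FQDN).
    now: time string in the same "%b %d %H:%M:%S %Y GMT" form as the cert dates.
    Returns failure reasons; empty list = passes. Chain trust needs a live
    connection, see fetch_peer_cert."""
    problems = []
    ts = ssl.cert_time_to_seconds(now)
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [n.lower() for n in cert_names(cert)]
    if expected_host.lower() not in names:
        problems.append("name mismatch: cert names %s, client used %s" % (names, expected_host))
    return problems

def fetch_peer_cert(host, port=636, cafile=None):
    """Live check: connect over LDAPS and return the DC's certificate dict.
    The TLS library verifies chain (against cafile or the system store),
    hostname and validity; on failure it raises ssl.SSLCertVerificationError
    whose message names the reason (self-signed, expired, hostname mismatch)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Run `fetch_peer_cert("dc2.xxx.local", cafile="path/to/enterprise-root.pem")` from the ISA box with the name ISA is configured to use; at the post's date the sample certificate passes the offline checks, so a rejection would point at the name used or at the issuing CA not being trusted on the ISA side.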