AnsweredAssumed Answered

Establish a secure connection between CA SSO and User Directory placed in AD

Question asked by ajcremades on Aug 17, 2015
Latest reply on Aug 27, 2015 by ajcremades

Hi Community,


all this is quite new for me and I'm very lost and need some indications. I'm explaining where I am and to where I want to go. I have some machines under same domain. This domain is controlled by a machine where AD DS is installed. CA SSO is installed in a different machine. CA SSO is using AD as User Store. Currently there is already a successful non-SSL connection. It is using the default port 389.

I wanted to turn that connection into a secure connection. So this is what I did:



And then I registered some issues at AD.

  • At DNS I got event 4013. I solved it and I got this message to confirm it:
    • Event 2, DNS-Server-Service: The DNS server has started.
    • Event 4, DNS-Server-Service: The DNS server has finished the background loading of zones. All zones are now available for DNS updates and zone transfers, as allowed by their individual zone configuration.
  • At AD DS I got events 1220, 2887, 2886 and after solve it I got this message from event 1221
    • Event 1221, ActiveDirectory_DomainService: LDAP over Secure Sockets Layer (SSL) is now available.
  • At AD CS I got event 103. And after this one I got
    • Event 26, CertificationAuthority: Active Directory Certificate Services for AJC03-LLAB-DC-AJC03-CA was started.  DC=LLAB-DC-AJC03.AJC03.LEARNING.LAB


So I supposed that everything should be right but I still got at Admin UI: Could not contact the user directory. (The user store connection is configured as an AD namespace.)

What is going on? Do I forget maybe to do something in the client side? I'm quite new with AD DS, Certificates, etc. So I solved the problems as I came across with them. Perhaps due to my lack of knowledge there is something I'm not doing right, etc. Connection between them is perfect.

Anyone have any idea? Thanks in advance

Kind regards,

Andrés-J. Cremades