Question

我正在尝试连接到一个活动目录轻量级目录服务的例子 2008 R2, 通过一个由.NET 4 网络服务连接的安全的 SSL 连接, 我正在获取“ 服务器无法运行”。错误。

I am using a user which was created using the ADSI Editor and placed in the Administrator Role.
I am able to login/connect via ADSI editor with this user using SSL and simple binding, and
I can connect with the web service using the same user credentials but using the non-SSL port.
I am using the distinguished name and
the user is definitely not inactive.

这是我用来绑定的代码:

 DirectoryEntry entry = new DirectoryEntry("LDAP://2.2.2.2:636/DC=nfa,DC=local");
            entry.Username = "CN=ldapadmin,DC=nfa,DC=local";       
            entry.Password = "P@ssw0rd";
            entry.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

我也试过这样:

DirectoryEntry entry2 = new DirectoryEntry("LDAP://2.2.2.2:636/DC=nfa,DC=local", "CN=ldapadmin,DC=nfa,DC=local", "P@ssw0rd", AuthenticationTypes.SecureSocketsLayer);

Answer 1

服务器需要安装一个 SSL 证书,该证书应安装在 < a href="http://support.microsoft.com/kb/32851] rel=“nofollow”>meet 文档中的要求。测试与 LDP 的连接。您需要使用完全合格的机器域名连接。上面的 IP 地址由 FQDN 替换, 您应该全部设置。

Answer 2

@ColinBowern提到您需要提供完全合格的域名(FQDN)而不是IP, 因为证书是发给FQDN的。

首先,核实在远程机器上向AD LDS注册的证书安装正确无误:

Run certmgr.
Verify the Certificate Authority (CA) that issued the certificate exists in the Trusted Root Certification AuthorityCertificates store.
Verify the certificate exists in the PersonalCertificates store with the correct FQDN (the domain name of the remote machine), issued by the above CA and of type "Server Authentication".

第二, FQDN might not 正确解析到远程机器, 原因是 DNS 注册错误。验证本地机器将正确的 IP 映射到 FQDN (如证书名称所示) 。如果没有条目, 需要添加 IP IP 。

192.168.1.34    domain.name    # <-- FQDN as shown in the certificate

友情链接