BenBrazil
Do you have a certificate on your DC? Or just check that a DC is listening on port 636.
I believe you will not be able to negotiate a TLS session over port 389. You should use port 636. Try to configure the connector to use this port.
Update:
NetApp supports signing and sealing over port 389. If you enable it, you don't need to reconfigure the port to be 636 and you don't need -use-start-tls.
Enabling LDAP signing and sealing on the CIFS server
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-15C49596-0D55-4813-9559-17CBF93E6383.html
But it might not work if you have the default "simple bind" as a minimum on your connector. So you might need to set "-min-bind-level sasl".
https://library.netapp.com/ecmdocs/ECMP12517204/html/GUID-0C3B906B-77BB-4E1A-8BCE-C088C69CE74D.html