Issue with LDAPS: RPC server is unavailable


Hi,

I've been asked to install and deploy LDAPS on our infrastructure. 

The certification authority was initially installed on server DC01V (while it was running Windows Server 2012 R2).

This server was deprecated 2 years ago, and replaced with DC1V.

The certification authority was moved to DC1V, and we had no issue related to it. 


I'm following the steps to deploy LDAPS, but I'm facing an issue when requesting a new certificate based on my certificate template:

[screenshot: thomasb74_0-1704872517851.png]


As you can see, it tries to reach DC01v which no longer exists. 

I tried to restore my root CA database etc., to migrate the DC01V CA to DC1V, but that didn't help.


Could you please help me to fix this?


Thanks a lot, 

2 Replies

@thomasb74 

If you're encountering an issue with LDAPS (LDAP over SSL) and receiving the error "RPC server is unavailable," there are a few potential causes and troubleshooting steps you can take. Here's a general guide to help you address the issue:

1. Check LDAPS Configuration:

  • Ensure that LDAPS is correctly configured on your LDAP server. This includes having a valid SSL certificate, proper port configuration (636 for LDAPS), and the required LDAP service running.

2. Firewall Settings:

  • Confirm that the necessary ports are open on the firewall. For LDAPS, port 636 should be open between the client and server.

3. Certificate Issues:

  • Verify that the SSL certificate used for LDAPS is valid, not expired, and is trusted by the client. Make sure the certificate's Subject Alternative Name (SAN) includes the server's FQDN.

4. Service Account Permissions:

  • Ensure that the account used for LDAPS has the necessary permissions on the LDAP server. This includes read access to the LDAP directory and access to the private key of the SSL certificate.

5. Check for DNS Issues:

  • Ensure that the DNS resolution is working correctly. The server's FQDN should be resolving to the correct IP address.

6. RPC Server Troubleshooting:

  • Check the Windows Event Viewer on the LDAP server for any related errors or warnings. Look for events related to LDAP, Active Directory, or RPC.

7. Test Connection Using LDP or LDIFDE:

  • Use tools like LDP (LDAP Data Interchange Format) or LDIFDE (LDAP Data Interchange Format Data Exchange) to test the LDAPS connection. This can help you identify whether the issue is specific to your application or a broader connectivity problem.

8. Check LDAP Service Status:

  • Ensure that the LDAP service on the server is running and there are no issues with its configuration.

9. Network Connectivity:

  • Confirm that there are no network connectivity issues between the client and the LDAP server. Use tools like ping or tracert to troubleshoot.

10. Update Antivirus/Firewall Software:

  • In some cases, antivirus or firewall software can interfere with LDAPS connections. Ensure that such software is not blocking the necessary ports or SSL/TLS traffic.

11. TLS/SSL Protocol Support:

  • Verify that the LDAP server and client support the same TLS/SSL protocols. Ensure that the server supports the version negotiated by the client.

12. LDAP Server Logs:

  • Check the logs on your LDAP server for any specific errors or warnings related to LDAPS connections.

13. Windows Firewall Configuration:

  • Ensure that Windows Firewall is configured to allow traffic on port 636.

14. Update LDAP Client Libraries:

  • If applicable, ensure that the LDAP client libraries are up to date. Outdated libraries may have compatibility issues with newer SSL/TLS protocols.

15. Consider Network Load Balancers:

  • If you are using network load balancers, ensure they are correctly configured to handle LDAPS traffic.

Addressing LDAPS issues often involves a combination of checking configurations, certificates, network settings, and permissions. Reviewing logs and systematically troubleshooting each potential cause will help identify and resolve the underlying problem.

Thanks @ItsBhatti for the detailed list. My issue is happening when I request the certificate, so it's clearly related to the Certification Authority name, rather than LDAPS itself.
As I cannot request the certificate, I cannot proceed with the rest.
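The follow-up above narrows the problem to a stale CA reference rather than LDAPS itself, while the first reply covers the LDAPS checks (port 636, certificate validity, SAN, TLS version). The script below is an added example, not code from either poster: it first lists every CA that Active Directory still advertises for enrollment and pings each one over the same RPC interface the certificate request wizard uses, which is where a decommissioned host like the DC01V entry described in the thread shows up; it then performs the LDAPS handshake against a domain controller and reports the served certificate. It assumes an elevated PowerShell on a domain-joined machine with the RSAT ActiveDirectory module; the host name `dc1v.corp.example` and the helper name `Test-Ldaps` are placeholders chosen for this example.

```powershell
# Added example (not from the thread). Assumes the RSAT ActiveDirectory module;
# server names below are placeholders, not the poster's real hosts.
Import-Module ActiveDirectory

# 1. Which CAs does the forest still advertise? Enrollment requests are routed
#    via pKIEnrollmentService objects in the Configuration partition. An object
#    whose dNSHostName no longer resolves or answers RPC is the stale reference.
$configNC   = (Get-ADRootDSE).configurationNamingContext
$enrollBase = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

function Get-AdvertisedCAs {
    $cas = Get-ADObject -SearchBase $enrollBase `
                        -LDAPFilter '(objectClass=pKIEnrollmentService)' `
                        -Properties dNSHostName, certificateTemplates
    foreach ($ca in $cas) {
        $resolves = [bool](Resolve-DnsName $ca.dNSHostName -ErrorAction SilentlyContinue)
        # certutil -ping talks DCOM/RPC to the CA, exactly like the enrollment wizard,
        # so "RPC server is unavailable" reproduces here for a dead host.
        $null = & certutil.exe -config "$($ca.dNSHostName)\$($ca.Name)" -ping 2>&1
        [pscustomobject]@{
            CA           = $ca.Name
            Host         = $ca.dNSHostName
            DnsResolves  = $resolves
            RpcReachable = ($LASTEXITCODE -eq 0)
            Templates    = ($ca.certificateTemplates -join ',')
        }
    }
}

# 2. LDAPS side: confirm TCP 636 is open and inspect the certificate the DC serves
#    (subject, issuer, expiry, SAN, negotiated TLS version), as in the first reply.
function Test-Ldaps {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 636)

    $tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { return "TCP $Port closed or unreachable on $Server" }

    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # Validation callback returns $true so an untrusted/expired certificate is
        # still returned for inspection instead of aborting the handshake.
        $ssl = New-Object System.Net.Security.SslStream(
                   $client.GetStream(), $false, { param($s, $c, $chain, $errors) $true })
        $ssl.AuthenticateAsClient($Server)

        $cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        [pscustomobject]@{
            Server   = $Server
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            SAN      = if ($sanExt) { $sanExt.Format($false) } else { '(no SAN extension)' }
            Protocol = $ssl.SslProtocol
        }
    }
    finally { $client.Close() }
}

# Usage (placeholder host name):
Get-AdvertisedCAs | Format-Table -AutoSize
Test-Ldaps -Server 'dc1v.corp.example' | Format-List
```

Read the first table before touching anything else: a row whose `Host` is the retired server with `DnsResolves` false and `RpcReachable` false is the object the enrollment wizard is still trying to contact, and the Enterprise PKI console (`pkiview.msc`, "Manage AD Containers") is the supported place to review and clean up those entries after backing up the CA. The second function only becomes relevant once a certificate can be issued: a `Subject` or `SAN` that does not contain the DC's FQDN, or an `Issuer` that is the old CA, is what makes clients reject the LDAPS connection even when port 636 is open.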