Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 1

Cannot configure ePO 5.0.1 to use Active Directory with 'use SSL'

Forgive me if I am missing something obvious, but I have read through the Product and Installation guides and seem to have things set up correctly.  For reference I am running ePO 501L on Windows Server 2008 R2 against Active Driectory at the 2008 R2 forest/domain functional level, and wish to register an LDAP (Active Directory) server to synchronize my System Tree and selectively map ePO accounts.

All in all ePO is working nicely, however when I try and register an LDAP/AD server and click 'Test Connection' I get the following results:

  • If I check the box "Use SSL" I get an error "Unable to communicate with the LDAP server.  Verify the settings you specified are correct."
  • If I uncheck the box "Use SSL" I get an error: "Unable to authenticate with the LDAP server.  The server requires SSL connections.  Enable SSL and retry."

So I started looking to Group Policy, and noticed the following:

  • The security setting "Domain Controller: LDAP server signing requirements" is set to "Require signing" on my domain controllers.
  • The security setting "Network security: LDAP client signing requirements" is set to "Require signing" on all my client systems.

So I backed out these two settings, and now I can successfully connect to Active Directory but only if I do not check the box "Use SSL".  However these security settings are ultimately required in our infrastructure for FDCC compliance, so this is at best a workaround, and I am obviously uncomfortable doing any LDAP authentication against AD without encryption.

One thing I do not have is a Microsoft CA in this environment nor am I distributing the server certificate for my domain controllers using Group Policy as I have no reason to do so and previous versions of ePO had native AD connectors.  But perhaps this is the missing step?

Thanks in advance for any help.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community