Forgive me if I am missing something obvious, but I have read through the Product and Installation guides and seem to have things set up correctly. For reference I am running ePO 501L on Windows Server 2008 R2 against Active Directory at the 2008 R2 forest/domain functional level, and wish to register an LDAP (Active Directory) server to synchronize my System Tree and selectively map ePO accounts.
All in all ePO is working nicely, however when I try and register an LDAP/AD server and click 'Test Connection' I get the following results:
So I started looking to Group Policy, and noticed the following:
So I backed out these two settings, and now I can successfully connect to Active Directory but only if I do not check the box "Use SSL". However these security settings are ultimately required in our infrastructure for FDCC compliance, so this is at best a workaround, and I am obviously uncomfortable doing any LDAP authentication against AD without encryption.
One thing I do not have is a Microsoft CA in this environment nor am I distributing the server certificate for my domain controllers using Group Policy as I have no reason to do so and previous versions of ePO had native AD connectors. But perhaps this is the missing step?
Thanks in advance for any help.