This is one of those solutions where you’re not 100% sure why it works but it just does. If you’re tearing your hair out trying to get LDAP to run over SSL, and seeing ‘8009030e’, give this a go.
I have an underappreciated AD 2008 server which we use to test with IBM Web Content Manager. Recently I had to get it integrated with WebSphere Portal over SSL. I was sure when I set it up all those years ago that SSL worked, but today all I saw was a reset connection and the following error message in the Event logs:
Additional Data
Error value:
8009030e No credentials are available in the security package
After one of those Googling sessions where you end up with 30 browser tabs and you get no closer whatever you try (making a new self-signed cert, trying openssl instead, resetting permissions on random registry keys and folders) I thought – why not see if the certificate works with IIS?
IIS wasn’t set up to use SSL, so following the instructions here (start from “IIS manager”) I set up a binding to the SSL port and noticed that my new self signed certificate wasn’t in the list of possible certificates in the ‘Add Site Binding’ window. Looking up a few steps – it seems like there’s a nice button labeled ‘Create a self signed certificate’. Once I bound that to IIS, SSL worked fine from a browser. And wouldn’t you know it, then the LDAP over SSL started to work! I didn’t even need to restart AD. Worth a try right?
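A follow-up check, added here and not part of the original post: the documented requirements for an LDAPS server certificate are that it sits in the local computer's Personal store with a private key, carries the Server Authentication EKU, is inside its validity period, and names the server's FQDN. The script below reports each of those per certificate; that a failed check is what produced 8009030e on this particular server is an assumption, and the output column names are made up for this example.

```powershell
# Added example: audit certificates in the local computer's Personal store
# against the documented LDAPS server-certificate requirements.
# Run from an elevated PowerShell prompt on the directory server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now  = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # EKU OIDs, read through the .NET extension type so this also works
    # on old PowerShell versions that lack the EnhancedKeyUsageList property.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Name check: subject CN / first DNS name, or the FQDN anywhere in the SAN text.
    # This is a loose substring match, good enough for a first look.
    $dnsName = $cert.GetNameInfo('DnsName', $false)
    $san     = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    $nameOk  = ($dnsName -ieq $fqdn) -or ($sanText -match [regex]::Escape($fqdn))

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        # True only means a key is associated with the certificate; it does not
        # prove the key container is readable by the account the service runs as.
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = ($ekuOids -contains $serverAuthOid)
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        NameMatches   = $nameOk
    }
} | Select-Object Subject, HasPrivateKey, ServerAuthEku, InValidity, NameMatches, Thumbprint |
    Format-Table -AutoSize
```

Running it before and after creating the certificate through IIS shows which of these properties the working certificate has that the earlier one lacked.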
OMG.. thank you so much for publishing this. I was racking my brain for hours trying to figure out how to get rid of this stupid error and why LDAPS wouldn’t work for me. After applying this fix, I could use LDP from other servers to connect on 636 finally.
Actually, I wonder how this solution can ever work, but thanks because it helped me to progress anyway. My approach was slightly different:
– I created a certificate through the IIS console (not self-signed, but signed by the CA on my machine), and then imported it in AD LDS (Windows Server 2013). As opposed to earlier attempts, this time it worked.
My previous attempts were through the Certificate snap-in and the localhost/certsrv links.
Thanks for posting this. Saved me too.
The information in this post was very useful for me too. Thanks for sharing it.
I had the same luck as Gerwin, except mine is on a Windows Server 2012. It was only when I created the certificate through IIS and then imported it into my AD LDS instance that LDAP over SSL worked successfully for me. Thanks for the tip!
Thanks, worked for me too after googling for many hrs and from installing standard CA to everything on IT planet.