Solved: Duo Gateway LDAPS setup

opsteam · ‎11-19-2021

I’m converting from clear text to ldaps between my on prem access gateway and my DC. I couldn’t get it to connect so I downloaded and ran the acert.exe tool. It returned back that it could talk to my DC but it was getting an expired certificate. I’ve removed the expired certificate and created a new one but now the acert.exe tool is returning

“Oh no! I failed to connect: ( err=‘read tcp 1.1.1.1:22222->1.1.1.2:636: wsarecv: An existing connection was forcibly closed by the remote host.’”

I have the new certificate in both personal and trusted root on both my DC and the gateway. I’ve tried both a client and a server auth certificate. Can anyone get me pointed in the right direction as to what my issue is?

opsteam · ‎11-19-2021

Nope. I wasn’t aware of that tool. This gives me something to go off of. Thank you!

Edit. My issue was that I wasn’t creating the certificate correctly. Using this document from Microsoft, I was able to generate a new cert, test with ldp.exe from another DC, then test with acert.exe from my Access Gateway server. I uploaded the new certificate to my Access Gateway server and voila! Thank you for getting me on the right track @DuoKristina!

View solution in original post

DuoKristina · ‎11-19-2021

Are you able to connect to the DC on 636 using LDAPS with a different tool (like LDP)?

Duo, not DUO.

opsteam · ‎11-19-2021

Nope. I wasn’t aware of that tool. This gives me something to go off of. Thank you!

Edit. My issue was that I wasn’t creating the certificate correctly. Using this document from Microsoft, I was able to generate a new cert, test with ldp.exe from another DC, then test with acert.exe from my Access Gateway server. I uploaded the new certificate to my Access Gateway server and voila! Thank you for getting me on the right track @DuoKristina!