Connection to AD fails when using SSL
A failing connection to the Active Directory service can have multiple reasons:
Please check (for example using telnet) that a connection to Active Directory on port 636 succeeds.
Microsoft disabled support for server certificates signed with MD5 in KB2862973 (a mandatory update in early 2014). A server certificate with an MD5 signature anywhere in its chain will cause the connection to fail and event 36888 to be logged on the server.
There are two workarounds:
Notice about SHA-512
Note that certificates with a SHA-512 signature can only be used if KB2973337 (late 2014) is installed on the server; otherwise the effect is the same as with MD5.
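The port-636 check and the two signature-algorithm pitfalls above (MD5 rejected since KB2862973, SHA-512 only with KB2973337) can be combined into one defender-side audit. The script below is an added example and is not part of the original article; it assumes the openssl CLI is installed on the machine that runs it, and the host name used in the usage line is a placeholder. It connects to the LDAPS port, retrieves every certificate the server presents, and reports the worst signature algorithm found in the chain.

```shell
#!/bin/sh
# Added example (not from the original article): audit the certificate chain an
# Active Directory server presents on the LDAPS port (636) for signature
# algorithms that Windows rejects after KB2862973 (MD5) or that need
# KB2973337 (SHA-512). Assumes the openssl CLI is available.

# Map one OpenSSL signature-algorithm name (e.g. md5WithRSAEncryption,
# sha512WithRSAEncryption, ecdsa-with-SHA512) to a verdict.
classify_sig_alg() {
    case "$1" in
        md5*|*MD5*)       echo "reject: MD5 signature, refused since KB2862973" ;;
        sha512*|*SHA512*) echo "warn: SHA-512 signature, needs KB2973337 on the server" ;;
        *)                echo "ok" ;;
    esac
}

# Read `openssl x509 -text`-style output on stdin, collect every
# "Signature Algorithm:" line and print the worst verdict for the chain:
# reject > warn > ok.
chain_verdict() {
    worst="ok"
    for alg in $(awk '/Signature Algorithm:/ { print $3 }' | sort -u); do
        v=$(classify_sig_alg "$alg")
        case "$v" in
            reject*) worst="reject" ;;
            warn*)   if [ "$worst" = "ok" ]; then worst="warn"; fi ;;
        esac
    done
    echo "$worst"
}

# Connect to HOST:PORT (default 636), dump the presented chain and judge it.
# Returns 2 when no TLS connection could be made at all, which points at the
# first check in the article (port 636 reachable?) rather than at certificates.
audit_ldaps_chain() {
    host="$1"; port="${2:-636}"
    # -showcerts prints every PEM certificate the server sends; reading from
    # /dev/null makes s_client exit right after the handshake.
    chain=$(openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null) || {
        echo "no TLS connection to $host:$port (check that port 636 is reachable first)"
        return 2
    }
    tmp=$(mktemp) || return 2
    printf '%s\n' "$chain" \
        | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' > "$tmp"
    # Wrap all certificates in a PKCS#7 bundle so one command decodes each of
    # them to text; chain_verdict then scans the combined output.
    verdict=$(openssl crl2pkcs7 -nocrl -certfile "$tmp" \
        | openssl pkcs7 -print_certs -text -noout \
        | chain_verdict)
    rm -f "$tmp"
    echo "$host:$port chain verdict: $verdict"
    [ "$verdict" = "ok" ]
}

# Usage (placeholder host name): audit_ldaps_chain dc01.example.local
```

A verdict of `reject` means the server will log event 36888 and refuse the connection regardless of client configuration; `warn` means the connection only works once KB2973337 is installed on the server.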