Microsoft KB Archive/264343

= Error Message: 0x80090322 When Binding with SSL to Site Server LDAP =

Article ID: 264343

Article Last Modified on 8/6/2002


APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition




This article was previously published under Q264343



SYMPTOMS
When you attempt to securely bind to a server that is running Microsoft Site Server Lightweight Directory Access Protocol (LDAP) using Secure Sockets Layer (SSL), you may receive one or more of the following error messages:

 * Event Viewer may log one of the following error messages:

Event Source: Schannel

Event ID: 36876

Description: The certificate received from the remote server has not validated correctly. The error code is 0x80090322. The SSL connection request has failed. The attached data contains the server certificate.

-or-

Event Source: Schannel

Event ID: 36876

Description: The certificate received from the remote server has not validated correctly. The error code is 0x80090325. The SSL connection request has failed. The attached data contains the server certificate.

 * Your LDAP server returns error message -2147016646 (0x8007203a). This error equates to LDAP_SERVER_DOWN.

NOTE: This error only occurs on a Windows 2000-based client.



CAUSE
You do not have a correct configuration to bind to an SSL-secured Site Server LDAP server.



RESOLUTION
To resolve this issue, verify that all of the following items are true:

 * The bind call in your code must reflect the same server name as specified in the SSL certificate. For example, if the common name of your LDAP server in the SSL certificate is. .com, and you have a call that is similar to the following sample call, you must change the ldapserver entry in the code to. :

Set oRoot = oLDAP.OpenDSObject("LDAP://ldapserver/o=microsoft", "cn=administrator,ou=members,o=microsoft", "password", 0)

 * The server name must be a fully qualified domain name, such as. .com. It cannot be a NetBIOS name or Internet Protocol (IP) address.
 * The Windows 2000-based client that is attempting to bind to the LDAP server must have the proper root Certificate Authority (CA) installed that corresponds to the SSL certificate on the LDAP server.


MORE INFORMATION
This behavior is no different from when you are connecting to a Web site by using HTTPS. The browser prompts you if the server names do not match, or if the client does not have the root CA installed. In this case, the browser is the client application and returns an error message to inform you of the incorrect configuration.

When you are writing an LDAP client application, you must provide the same functionality.
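The client-side checks this article describes, as an added Python example (not code from the original article or from Microsoft): `preflight` tests a planned bind name against the name-related resolution items using a constructed certificate, and `probe` performs a live handshake to tell a name mismatch from a missing root CA. The host name `ldap01.example.com`, port 636 (the conventional LDAP-over-SSL port) and all function names are assumptions.

```python
import ipaddress
import socket
import ssl

NAME_MISMATCH = {62, 64}              # OpenSSL verify codes: hostname / IP mismatch
UNTRUSTED_ROOT = {2, 18, 19, 20, 21}  # issuer missing or self-signed chain
# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"subject": ((("commonName", "ldap01.example.com"),),)}

def classify_host(host):
    """Return 'ip', 'netbios' (single label) or 'fqdn' for a bind target."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "fqdn" if "." in host.strip(".") else "netbios"

def cert_names(cert):
    """DNS subjectAltName entries if present, otherwise the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ())
                    for k, v in rdn if k == "commonName"]

def name_matches(host, cert):
    """Case-insensitive match; '*' may stand for the left-most label only."""
    host = host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n == host or (n.startswith("*.") and n[2:] == parent)
               for n in (c.lower().rstrip(".") for c in cert_names(cert)))

def preflight(host, cert):
    """Offline check of the name-related items for a planned bind target."""
    problems = []
    if classify_host(host) != "fqdn":
        problems.append(f"{host}: {classify_host(host)} name, not an FQDN")
    if not name_matches(host, cert):
        problems.append(f"{host}: not in certificate names {cert_names(cert)}")
    return problems

def probe(host, port=636, timeout=5):
    """Live handshake against the system trust store; says which item failed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as e:
        if e.verify_code in NAME_MISMATCH:
            return "name mismatch"
        return "untrusted root" if e.verify_code in UNTRUSTED_ROOT else e.verify_message
```

`preflight("ldapserver", SAMPLE_CERT)` reports both the single-label name and the certificate mismatch, which is the situation in the sample bind call above.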

Keywords: kbprb KB264343


© Microsoft Corporation. All rights reserved.