WLS Will Not Connect To Active Directory On Port 636

(Doc ID 2195595.1)

Last updated on DECEMBER 11, 2017

Applies to:

Oracle WebLogic Server - Version and later
Information in this document applies to any platform.


On : version, WLS Security

A WLS server in production mode will not connect to the AD server on port 636. It connects on port 389 just fine, but not on the secure port 636. A virtually identical Dev instance does connect.

The following works:

ldapsearch -x -LLL -H ldaps://host.domain.net -D REDACTED -w REDACTED -b"DC=domain,DC=net" -s sub "(objectClass=user)" sAMAccountName

This means the host can connect to the AD server just fine. WLS will not.


The error is this:

<Sep 22, 2016 4:42:11 PM CDT> <Warning> <Security> <BEA-099117> <The LDAP authentication provider named "ADLDAP" failed to make connection to ldap server at ldaps://example.com:636, the error cause is: Connection timed out.>

-- Note "example.com" is the literal name in the log.

After changing the Host to "FAKE.domain.net" and restarting the admin console, the error message changed to:

<Sep 22, 2016 4:34:07 PM CDT> <Warning> <Security> <BEA-099117> <The LDAP authentication provider named "ADLDAP" failed to make connection to ldap server at ldaps://FAKE.domain.net:636, the error cause is: FAKE.domain.net: unknown error.>



The first suspicion is that SSL is improperly set up for port 636, since the connection works on port 389.
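A staged check for that suspicion, as an added example that is not part of the original document: it reports whether an LDAPS connection fails at name resolution, at the TCP connect, or at the TLS handshake. The function name `probe_ldaps` and the `cafile` parameter (a PEM export of the trust keystore WLS uses) are assumptions.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Stage 1: name resolution (an unknown host fails here).
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)

    # cafile (assumption): PEM export of the WLS trust keystore.
    # None falls back to the OS default trust store, as ldapsearch would.
    ctx = ssl.create_default_context(cafile=cafile)

    result = ("dns", "no usable address returned")
    for family, socktype, proto, _, sockaddr in addrs:
        raw = socket.socket(family, socktype, proto)
        raw.settimeout(timeout)
        # Stage 2: plain TCP connect (refused, unreachable or timed out).
        try:
            raw.connect(sockaddr)
        except OSError as exc:
            raw.close()
            result = ("tcp", f"{sockaddr[0]}: {exc}")
            continue
        # Stage 3: TLS handshake with certificate and hostname verification.
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok", f"{sockaddr[0]}: {tls.version()}"
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            raw.close()
            return "tls", f"{sockaddr[0]}: {exc}"
    return result


if __name__ == "__main__":
    # Usage: python probe_ldaps.py host.domain.net [trust.pem]
    target = sys.argv[1]
    trust = sys.argv[2] if len(sys.argv) > 2 else None
    stage, detail = probe_ldaps(target, cafile=trust)
    print(f"{target}:636 -> {stage}: {detail}")
```

Run it on the WLS host as the OS user that runs the server, since a successful `ldapsearch` only shows what the host and its default trust store can do.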

Oracle Documentation to verify configuration:

Oracle WebLogic Server Documentation > Administration Console Online Help > Active Directory Authentication Provider: Provider Specific

Administering Security for Oracle WebLogic Server 12.1.3
14 Configuring LDAP Authentication Providers

- Configuring the Certificate Lookup and Validation Framework
- Configuring the WebLogic Keystore Provider

Use the Configuration > SSL page of the WebLogic Server Administration Console to specify identity and trust options when using a file or a JKS keystore accessed via the WebLogic Keystore provider.

Administration Console Online Help > Configure keystores

