OID 12c: After Reconfiguring DIP from SSL Mode 1 to SSL Mode 2, Connection to AD Fails with: cannot connect directory server at <AD_HOSTNAME> : <AD_SSL_PORT> (Doc ID 2627619.1)

Last updated on SEPTEMBER 03, 2020

Applies to:

Oracle Internet Directory - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Internet Directory (OID) 12c with Directory Integration Platform (DIP).

DIP was initially configured for SSL mode 1 with OID and non-SSL for the Microsoft (MS) Active Directory (AD) profile, and it worked.

After reconfiguring both OID and AD for SSL mode 2, all ldapbinds work, but connecting to AD from the Test Connection button within the profile fails:

  (x) Error

  cannot connect directory server at <AD_HOSTNAME> : <AD_SSL_PORT>


Additional symptoms:

If only one cipher is set in DIP (e.g., one matching the output of an openssl test connection to AD) and the two anon ciphers (from the original SSL mode 1 configuration) are removed, then the following happens:
- MBeans and Quartz Scheduler are down
- Profile disappears / is no longer visible in Enterprise Manager (EM) Fusion Middleware (FMW) Control
- Errors occur when trying to access DIP menu items

After adding the two anon ciphers back, all of the above work again, but the Test Connection button within the profile once more fails to connect to AD with the same error as above.

Changes

 

Cause
