Symantec Privileged Access Management

Cannot connect to a domain controller on the specified domain 

08-10-2018 01:56 PM

If you get the error "Cannot connect to a domain controller on the specified domain" when trying to vault a target account using the Windows Domain Service, check that the domain controller is running with a valid SSL cert.

1. Launch the Active Directory Administration Tool (Ldp.exe) from the domain controller.

2. Click Connection, then Connect.

3. Enter the IP address or FQDN of the DC, set the port to 636, and select SSL.

4. Click OK

 

If you get a "Can not open connection" error message, then there is no SSL cert for the domain controller.

 

A good connection will show:

ld = ldap_sslinit("domain1", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 0 = ldap_connect(hLdap, NULL);
Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
Host supports SSL, SSL cipher strength = 256 bits

remaining output truncated...

The output also includes information about the SSL cert on the domain controller.
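
The same check can be scripted from another host, which also exercises the network path to port 636. This is an added example in Python, not part of the original post or of Symantec PAM; the function names, the `cafile` parameter and the host `dc01.example.test` are assumptions.

```python
import socket
import ssl
import time

def summarize_cert(cert, now=None):
    """Summarize a dict shaped like SSLSocket.getpeercert() output."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    names = [value for _kind, value in cert.get("subjectAltName", ())]
    return {"names": names, "days_left": int((expires - now) // 86400)}

def check_ldaps(host, port=636, timeout=5.0, cafile=None):
    """Attempt a verified TLS handshake with an LDAPS listener.

    status is one of:
      no_listener    - TCP connect failed (nothing answering on the port)
      tls_failed     - port is open but no TLS handshake completes
      untrusted_cert - a cert was presented but chain/hostname/date checks failed
      ok             - handshake completed with a verified certificate
    """
    # cafile: PEM bundle holding the issuing CA (assumption: an internal CA
    # that is not in the system trust store); None uses the system store.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"status": "no_listener", "detail": str(exc)}
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cipher, protocol, bits = tls.cipher()
                result = summarize_cert(tls.getpeercert())
        except ssl.SSLCertVerificationError as exc:
            return {"status": "untrusted_cert", "detail": exc.verify_message}
        except OSError as exc:  # includes ssl.SSLError, resets and timeouts
            return {"status": "tls_failed", "detail": str(exc)}
    result.update(status="ok", protocol=protocol, cipher=cipher, bits=bits)
    return result

if __name__ == "__main__":
    # dc01.example.test is a placeholder; substitute the DC's FQDN.
    print(check_ldaps("dc01.example.test"))
```

A low `days_left` value on an `ok` result flags a cert that is close to expiry before the vaulting error appears.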
