Symptom:
LDAPS (LDAP over SSL) authentication is failing on your Domain Controller and you have the Protect Agent installed.
Cause:
LDAP over SSL (LDAPS) connections on the Domain Controller are using the Shavlik Agent certificate. The root cause of the issue is how LDAPS determines which certificate to use. If multiple certificates meet the Schannel certificate requirements, the Domain Controller will use the first valid certificate. The Protect Agent's certificate will be listed first, so the Domain Controller will choose it instead of the correct certificate for LDAPS authentication.
Please see Step 3 of "How to troubleshoot LDAP over SSL connection problems".
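To see which certificates are competing, the following added example (not part of the original article or of Protect) lists every certificate in the Local Computer Personal store that meets the requirements Microsoft documents for LDAPS: a private key, a current validity period, and the Server Authentication EKU. It also reports whether the Domain Controller's FQDN appears in the subject or SAN. All variable names are this example's own.

```powershell
# Added diagnostic example; not from the original article.
# Run in an elevated PowerShell session on the Domain Controller.
$serverAuth = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU
$sanOid     = '2.5.29.17'           # OID of the Subject Alternative Name extension
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = ('{0}.{1}' -f $ip.HostName, $ip.DomainName).ToLower()
$now  = Get-Date

$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $ekus = @()
    $san  = ''
    foreach ($ext in $cert.Extensions) {
        # Collect the EKU OIDs explicitly listed on the certificate.
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $ekus += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }
        # Keep the SAN as formatted text for a simple FQDN substring check.
        if ($ext.Oid.Value -eq $sanOid) { $san = $ext.Format($false) }
    }
    $inDate = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

    # Only certificates that explicitly carry Server Authentication are listed;
    # certificates with no EKU extension at all are not evaluated here.
    if ($cert.HasPrivateKey -and $inDate -and ($ekus -contains $serverAuth)) {
        $nameOk = $cert.Subject.ToLower().Contains("cn=$fqdn") -or
                  $san.ToLower().Contains($fqdn)
        New-Object PSObject -Property @{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            Thumbprint     = $cert.Thumbprint
            NotAfter       = $cert.NotAfter
            MatchesDcFqdn  = $nameOk
        }
    }
})

$candidates | Select-Object Subject, Issuer, Thumbprint, NotAfter, MatchesDcFqdn | Format-List

if ($candidates.Count -gt 1) {
    Write-Warning "$($candidates.Count) certificates qualify for Schannel; LDAPS may not be using the intended one."
}
```

A candidate whose issuer is not your enterprise CA, or whose `MatchesDcFqdn` is `False`, is the one to investigate when LDAPS clients reject the server certificate.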
Resolution:
- Follow Microsoft’s workaround: Event ID 1220 — LDAP over SSL
- Remove the Shavlik Agent from your Domain Controller.
We are looking into ways to work around the certificate selection method Microsoft uses and hope to have a fix in the next version of Protect.