Unable to add domain with LDAP SSL certificate.

Problem

You see the error "SSL certificate not found in AD" or "The specified port number is not reachable" on the Admin tab -> SoM -> Add Computers -> Add domain page when you try to include security certificates.

Cause

This error occurs in the following cases:

  1. When the port number specified is not reachable.
  2. When the security certificates are not uploaded in Active Directory (AD).

Resolution

You can resolve this issue as follows:

Check and ensure that the configured port (default: 636) is not blocked or used by some other operation.

  • From the machine where the Desktop Central Server is installed, open a command prompt and run the following command to check whether the specified domain controller is live and reachable:
    telnet (domain controller name/IP/FQDN) (port number)
    Example: telnet 127.0.0.1 636
    If you are able to establish the connection, the port is not blocked and your domain controller is live.

Check and ensure that you have pushed the necessary security certificates to your Active Directory.

  • Refer to this page for the steps to push security certificates to Active Directory.

Check and ensure the trust relationship between the Server and the Certification Authority.

  • Refer to this page for the steps to enable the trust relationship between the machine on which your Desktop Central Server is running and the Certification Authority.
  • If the domain you want to add and the machine on which your Desktop Central Server is running belong to different forests, ensure you have created a two-way forest trust.
  • Also, if you have segregated your network into various forests, ensure you have created a two-way forest trust. Refer to this page for the steps to create a two-way forest trust on both sides.
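
The port, certificate and Certification Authority trust checks above can be run in one pass from the machine where the Desktop Central Server is installed. The PowerShell function below is an added example, not ManageEngine code; the name Test-LdapsEndpoint and the server name dc01.example.local are hypothetical, and it assumes the Windows certificate stores of the machine it runs on are the trust store that matters.

```powershell
# Added example. 'dc01.example.local' is a placeholder, not a value from this page.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 636,
        [int] $TimeoutMs = 5000
    )
    $r = [ordered]@{
        Server = $Server; Port = $Port; PortReachable = $false
        CertificatePresented = $false; Subject = $null; NotAfter = $null
        ChainTrusted = $false; ChainStatus = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # 1. TCP reachability: the same thing the telnet check proves.
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $r.Error = "No TCP connection within $TimeoutMs ms"
            return [pscustomobject] $r
        }
        $client.EndConnect($pending)
        $r.PortReachable = $true

        # 2. TLS handshake. The callback accepts any certificate so that it can
        #    be inspected; use this for diagnosis only, never for a real bind.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.CertificatePresented = $true
        $r.Subject  = $cert.Subject
        $r.NotAfter = $cert.NotAfter

        # 3. Trust: build the chain against this machine's Windows certificate stores.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $r.ChainTrusted = $chain.Build($cert)
        $r.ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
    catch {
        $r.Error = $_.Exception.Message
    }
    finally {
        $client.Close()
    }
    [pscustomobject] $r
}

Test-LdapsEndpoint -Server 'dc01.example.local' -Port 636
```

PortReachable = False points to the blocked or unreachable port case. PortReachable = True with a handshake Error points to the domain controller not presenting a certificate, and ChainTrusted = False points to the missing trust relationship with the Certification Authority.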

Unable to resolve this issue?

If you still have trouble resolving the issue, contact support at desktopcentral-support@manageengine.com.