Hello,
I can't connect with LDAP-over-SSL anymore (changes before the problem: current Windows 2012R2 updates + the server certificate was renewed because of time out):
test aaa-server authentication lokal_LDAP host 192.168.5.240 username user123 password password123
INFO: Attempting Authentication test to IP address <192.168.5.240> (timeout: 12 seconds)
[-2147483531] Session Start
[-2147483531] New request Session, context 0x00007f6d921538b0, reqType = Authentication
[-2147483531] Fiber started
[-2147483531] Creating LDAP context with uri=ldaps://192.168.5.240:636
[-2147483531] Connect to LDAP server: ldaps://192.168.5.240:636, status = Failed
[-2147483531] Unable to read rootDSE. Can't contact LDAP server.
[-2147483531] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[-2147483531] Session End
ERROR: Authentication Server not responding: AAA Server has been removed
Current cipher configuration:
default (custom): DES-CBC3-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384
aaa-server lokal_LDAP (inside) host 192.168.5.240
 server-port 636
 ldap-base-dn DC=net, dc=intern
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=ldap xxx,cn=Users, dc=net, dc=intern
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map AD_MAP
No problems if I connect on server port 389 without ldap-over-ssl.
If I connect with ldp.exe to this host with port 636 and SSL, I'm able to connect.
Is there something like a fingerprint that needs to be deleted before it is possible to connect again?
Thank you for your help.
Best regards
Thorsten