I found this discussion when I was having the exact same problem. It turned out that in the LDAP server configuration page it was looking for SAMAccountName and the certificate was passing userPrincipalName. I changed the relevant field to now look f...