Scribd
Upload
9 views5 pages

Troubleshoot Ad

This document provides steps to determine if an LDAP server is permitting binds via LDAPS using LDP.exe and Microsoft Network Monitor 3.4. It describes connecting to the LDAP server with LDP.exe, capturing the network trace with Monitor 3.4, and comparing the certificate serial number in the trace to the one in the server's certificate store to identify the certificate facilitating the LDAPS authentication.

Uploaded by

otra dos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views5 pages

Troubleshoot Ad

This document provides steps to determine if an LDAP server is permitting binds via LDAPS using LDP.exe and Microsoft Network Monitor 3.4. It describes connecting to the LDAP server with LDP.exe, capturing the network trace with Monitor 3.4, and comparing the certificate serial number in the trace to the one in the server's certificate store to identify the certificate facilitating the LDAPS authentication.

Uploaded by

otra dos
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Determine if LDAP server is permitting binds via LDAPS using LDP.

exe
Test Domain: TheDroog.droog
Client: Windows 10 with RSAT tools installed (IP address: 192.168.72.10)
LDAP/Domain Controller: Windows Server 2016 Domain Controller (IP address: 192.168.72.100)
Run ldp.exe 1.) Click start > Run
2.) Open ldp.exe (included with Windows 10 Remote Server Admin tools)

3.) Click Connection > Connect

4.) Server = Your LDAP server name or DC


Port = 636
SSL checkbox checked
5.) Unsuccessful connection:

This indicates that there is no valid certificate facilitating LDAPS requests. Steps would need to
be taken to install/configure a certificate (outside of the scope of this document), but a good
tutorial for reference:
https://www.youtube.com/watch?v=JFPa_uY8NhY
6.) Successful connection via LDAPS:

7.) Test an LDAPS Bind:


Bind via LDAPS is successful

Using Microsoft Network Monitor 3.4 to determine which Cert is performing LDAPS binds

On client computer
Start a trace

On client computer establish an LDAPS connection to the LDAP/DC server via LDP.exe (process above)
After successful
LDAPS connection
via LDP.exe stop
trace
Open tracefile in 1.) File > Open > Capture: browse to trace-file.
Microsoft Network 2.) After tracefile is loaded, if error “Requires full common parsers…” is encountered
Monitor 3.4 i) Tools > Options
ii) Parser Profiles Tab
iii) In available Parser Profiles window > Right click Windows > Set as Active.
3.) Load IPv4 standard filter and filter for the IP of the LDAP/DC server
4.) Scroll through the Frames to find the handshake between client IP and DC IP with
description:
TLS:TLS Rec Layer-1 HandShake: Server Hello. Certificate
5.) In the bottom Frame Details pane, navigate through the nested details to:
TLS > TlsREcordLayer: TLS Rec Layer-1 Handshake: > SSLHandshake: SSL HandShake Certificate (0x0B) > Cert: 0x1 > Certificates: > X509: Issuer…DC info >
TbsCertificate: Issuer: DC info > Make note of Serial Number (We will compare it to the SN# in the MS Personal Certificate store)
Serial Number in this example = 0x6600000002aabealba00a60014000000000002
6.) On Domain Controller run certlm.msc

7.) Browse to Certificates – Local Computer > Personal > Certificates


8.) Double click each certificate > Details Pane and compare the Serial number to what was
found in MS Network Monitor 3.4

The serial number has been found and definitively shows which certificate is performing the
LDAPS authentication.
LDAP over SSL (LDAPS) Certificate
https://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx

Using ldp.exe
https://www.active-directory-security.com/2016/06/ldp-for-active-directory-download-usage-tutorial-and-
examples.html

Microsoft Network Monitor 3.4 download


https://www.microsoft.com/en-ca/download/details.aspx?id=4865

Troubles with Parsers in MS Net Mon 3.4:


https://enblog.alex-trofimov.com/2011/06/20/network-trace-without-netmon-wireshark-etc/

You might also like