Article ID: 967695
In Microsoft Intelligent Application Gateway (IAG) 2007, you use the Active Directory repository on Lightweight Directory Access Protocol Secure Sockets Layer (LDAPS) port 636. When IAG 2007 tries to check the password expiration automatically, you receive the following LDAP error message:
Server Not Operational
Note All other operations for authentication and authorization work correctly.
Note The operation works correctly on non-SSL LDAP port 389 with no other configuration changes.
This problem occurs because LDAPS binds to the Internet Protocol (IP) address instead of to the fully qualified domain name (FQDN) when LDAPS checks password expiration.
To resolve this problem, install Update 1 for IAG 2007 Service Pack 2 (SP2).
For more information about Update 1 for IAG 2007 Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
968384 (http://support.microsoft.com/kb/968384/) Description of Update 1 for Intelligent Application Gateway 2007 Service Pack 2
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
When LDAPS checks password expiration, LDAPS must make the binding by using the FQDN. Additionally, the FQDN that is used for the binding must be the FQDN of the domain controller, not just the domain name.
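The following check is an added example, not code from Microsoft or from IAG 2007. It assumes the failure comes from the TLS name check, where the client compares the name it connected to against the names in the domain controller's certificate, and it shows why an IP address or a bare domain name fails where the domain controller's FQDN succeeds. The certificate, host names, and address are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the host names and the address used below are hypothetical.
SAMPLE_DC_CERT = {
    "subject": ((("commonName", "dc01.corp.example.com"),),),
    "subjectAltName": (("DNS", "dc01.corp.example.com"),),
}


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])


def cert_names(cert):
    """Return (dns_names, ip_names); fall back to the CN only when no SAN exists."""
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not san:
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return dns, ips


def check_bind_target(target, cert):
    """Return (ok, reason): would a client connecting to `target` accept `cert`?"""
    dns, ips = cert_names(cert)
    if _is_ip(target):
        ok = any(_is_ip(i) and ipaddress.ip_address(i) == ipaddress.ip_address(target) for i in ips)
        return ok, "IP literal: needs an IP Address entry in subjectAltName"
    ok = any(_dns_match(d, target) for d in dns)
    return ok, "DNS name: needs a matching DNS entry in subjectAltName (or CN)"


if __name__ == "__main__":
    for t in ("10.0.0.5", "corp.example.com", "dc01.corp.example.com"):
        print(t, check_bind_target(t, SAMPLE_DC_CERT))
```

To run the same check against a real domain controller, pass the dict returned by `getpeercert()` on a verified TLS connection to port 636 in place of the constructed sample.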
For more information about how to troubleshoot this problem, click the following article number to view the article in the Microsoft Knowledge Base:
938703 (http://support.microsoft.com/kb/938703/) How to troubleshoot LDAP over SSL connection problems
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 (http://support.microsoft.com/kb/824684/) Description of the standard terminology that is used to describe Microsoft software updates