Article ID: 839514
A client computer may not be able to authenticate to a Microsoft Windows Server 2003 domain controller or to a Microsoft Windows 2000 domain controller by using Lightweight Directory Access Protocol (LDAP) over a Secure Sockets Layer (SSL) connection. The following event ID error message is logged to the system event log on the client computer:
The System event log may also log the following event when the server-side certificate fails:
Event ID: 36881
This issue occurs because LDAP caches the certificate on the server. Although the certificate has expired and the server receives a new certificate from a CA, the server uses the cached certificate. You must restart the server before the server uses the new certificate.
To work around this issue, restart the server after the server receives a new certificate from the CA.
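One way to confirm after the restart that the LDAP over SSL port presents the new certificate rather than the cached one is to compare thumbprints, as in this added example (not part of the original article and not Microsoft code). Port 636 is the standard LDAP over SSL port; the function names and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
import sys

# Constructed stand-ins for two certificates' DER bytes (not real certificates).
SAMPLE_OLD_DER = b"constructed-expired-certificate"
SAMPLE_NEW_DER = b"constructed-renewed-certificate"


def thumbprint(der: bytes) -> str:
    """SHA-1 of the DER encoding, the value Windows displays as Thumbprint."""
    return hashlib.sha1(der).hexdigest().upper()


def normalize(tp: str) -> str:
    """Drop spaces, colons and invisible characters from a pasted thumbprint."""
    return "".join(c for c in tp if c in "0123456789abcdefABCDEF").upper()


def classify(presented_der: bytes, new_tp: str, old_tp: str = "") -> str:
    """Return 'new', 'stale' (cached certificate still served) or 'unknown'."""
    seen = thumbprint(presented_der)
    if seen == normalize(new_tp):
        return "new"
    if old_tp and seen == normalize(old_tp):
        return "stale"
    return "unknown"


def fetch_presented_cert(host: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the server presents on its LDAP over SSL port."""
    # No validation: an expired certificate would abort a verified handshake.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    if len(sys.argv) >= 3:  # usage: check.py HOST NEW_THUMBPRINT [OLD_THUMBPRINT]
        der = fetch_presented_cert(sys.argv[1])
        state = classify(der, sys.argv[2], sys.argv[3] if len(sys.argv) > 3 else "")
    else:  # offline demonstration on the constructed sample
        state = classify(SAMPLE_OLD_DER, thumbprint(SAMPLE_NEW_DER), thumbprint(SAMPLE_OLD_DER))
    print("presented certificate:", state)
    sys.exit(0 if state == "new" else 1)
```

Servers of the generation this article covers offer only older SSL/TLS protocol versions, which a current Python and OpenSSL build may refuse to negotiate; in that case the handshake fails before any certificate is returned.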
For more information about how to troubleshoot similar event ID 37876 error messages, click the following article numbers to view the articles in the Microsoft Knowledge Base:
254610 (https://support.microsoft.com/kb/254610/) System Event ID 36876 when using LDAP SSL query of the Active Directory
822406 (https://support.microsoft.com/kb/822406/) Clients cannot authenticate with a server after you obtain a new certificate to replace an expired certificate on the server
Article ID: 839514 - Last Review: October 30, 2006 - Revision: 2.2