An error occurs when you use the alias name from an LDAP client computer that is running Windows Vista or Windows Server 2008 to try to establish SSL connections to nodes that host the LDAP service
Consider the following scenario:
- The Lightweight Directory Access Protocol (LDAP) directory service is hosted on many nodes behind a Network Load Balancing (NLB) server.
- The nodes are protected by Secure Sockets Layer (SSL) and are configured to use an alias name.
- You try to establish SSL connections to the nodes by using the alias name from an LDAP client computer that is running Windows Vista or Windows Server 2008.
In this scenario, the operation fails, and you receive the following error message:
<Result value="800B010F">The certificate's CN name does not match the passed value.</Result>
Additionally, the following Error event is logged in the System log:
Event Type: Error
Event Source: Schannel
Event ID: 36884
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is server_name. The SSL connection request has failed. The attached data contains the server certificate.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB2282241.
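To triage this event, compare the name Schannel says it expected with the names the server certificate actually carries. The following is an added example, not Microsoft's code. The sample event text, the host names, and the matching rule (case-insensitive exact match, or a wildcard covering one left-most label) are assumptions for illustration and do not reproduce Schannel's own logic.

```python
import re

# Matches the wording of the Schannel event 36884 description quoted on this page.
EXPECTED_RE = re.compile(r"server name we were expecting is\s+(\S+?)\.?(?:\s|$)", re.I)

# Constructed sample: the alias and node names below are hypothetical.
SAMPLE_EVENT = (
    "The certificate received from the remote server does not contain the "
    "expected name. The server name we were expecting is ldap.corp.example. "
    "The SSL connection request has failed."
)


def expected_name(event_description):
    """Return the name the client expected, or None if the text has no such field."""
    m = EXPECTED_RE.search(event_description)
    return m.group(1).lower() if m else None


def name_matches(expected, cert_name):
    """Assumed rule: exact match, or '*.' wildcard covering exactly one label."""
    expected = expected.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        head, _, rest = expected.partition(".")
        return bool(head) and rest == cert_name[2:]
    return expected == cert_name


def diagnose(event_description, cert_names):
    """cert_names: subject CN plus any SAN DNS names read from the server certificate."""
    expected = expected_name(event_description)
    if expected is None:
        return {"expected": None, "covered_by": [], "mismatch": None}
    covered = [n for n in cert_names if name_matches(expected, n)]
    return {"expected": expected, "covered_by": covered, "mismatch": not covered}


if __name__ == "__main__":
    # Certificate issued to the node name only: the alias is not covered.
    print(diagnose(SAMPLE_EVENT, ["node1.corp.example"]))
    # Certificate that also lists the alias: the expected name is covered.
    print(diagnose(SAMPLE_EVENT, ["node1.corp.example", "ldap.corp.example"]))
```

If `mismatch` is `True` for the alias, the certificate presented by the node does not list the name the client asked for.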