Hi Matt
"Use start_tls for AD LDAP connection" was enabled and the certificate is imported. Before the upgrade from 8.3xxx to 9.1P9 it worked without problems.
Our workaround was to enable LDAP signing/sealing (Client Session Security = seal) and disable the option "start_tls for AD LDAP connection".
Now the access works, but our DC admins sometimes see the following error in the event log:
Event Description: The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.
So my thought was to enable "start_tls for AD LDAP connection" simultaneously to eliminate the DC errors, but when I enable this I can't connect to the DC anymore.
cifs security modify -vserver svm1 -use-start-tls-for-ad-ldap true
diag secd authentication get-dc-info -node node1 -vserver svm1
Error: command failed: RPC call to SecD failed. RPC: "SecD Error: no server available". Reason: "".
Regards
Thomas