topic Re: R82 + Windows Server 2025 – LDAPS Connection Fails in Firewall and Security Management

R82 + Windows Server 2025 – LDAPS Connection Fails

ghosty — Wed, 18 Feb 2026 15:29:36 GMT

Hi,

In my lab environment I'm running:

Check Point R82 – Build 151
Distributed deployment
Windows Server 2025
LDAPS (port 636)
AD CS Enterprise Root CA

Working:

Port 636 reachable
I can browse AD structure in SmartConsole

Failing:

Connection attempts fails with:
“Gateway could not connect to… Credentials are valid, but LDAP communication with the server failed.

I have done the solution steps in sk164834.

On both SMS and Gateway:

cpopenssl s_client -connect DC_FQDN:636

Returns:

Verify return code: 21 (unable to verify the first certificate)

Question:

Is anyone able to replicate this behavior on R82 with Windows Server 2025?
Any tips on additional troubleshooting steps would be appreciated.

Thanks.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 14:57:34 GMT

@Vincent_Bacher

I believe you may had mentioned in one post you had this windows server 2025 in the lab? Apologies if I am mistaken. I spoke to Casper about this yesterday, but we dont sadly have that image in the lab, so cant set one up to test. Based on remote we did, Im 99.99% sure it is something on that server causing an issue, as we dont even see any drops or traffic even hitting the firewall. We even disabled native windows fw on the server, no joy.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

Chris_Atkinson — Wed, 18 Feb 2026 14:53:10 GMT

Please confirm the Jumbo take applied to the MGMT / gateways and version of IDC if used etc.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 15:00:00 GMT

Well, you are in luck, my friend. I just checked and looks my colleague did upload windows 2025 image, so give me some time, will let you know in 1 hour tops if it works or not.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 15:42:53 GMT

@ghosty

Just set it all up, rebooted, disabled windows fw, exact same issue as you...let me keep working on it and see if I can fix it.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 15:52:43 GMT

I tested with any any allow rule, got exact same issue like you did Casper when we did remote yesterday, so thats how Im 100% sure its windows issue.

Here is what I ran to make it work (found this after 10 mins on Google lol)

netsh advfirewall set allprofiles state off

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

ghosty — Wed, 18 Feb 2026 16:46:59 GMT

This did not solve the issue for me, unfortunately.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

ghosty — Wed, 18 Feb 2026 16:47:35 GMT

Just running the base version atm.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 16:47:54 GMT

I did reboot after doing it, mind you.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

ghosty — Wed, 18 Feb 2026 16:54:09 GMT

Still didn't work after reboot 😞

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 16:55:24 GMT

Sorry mate, I got nothing else then 😞

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

Vincent_Bacher — Wed, 18 Feb 2026 17:23:48 GMT

No I just suggested some debugs.

Any news about the issue ?

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 17:37:24 GMT

Got it, sorry, my bad then.

@ghosty , here is IA debugs I got from TAC while back.

# cd $FWDIR/log
# rm pdpd.elg.*
# echo "=debug_start=" >> $FWDIR/log/pdpd.elg
(•) To turn pdp debug on:
# adlog a d on
# pdp debug on
# pep debug on
# pdp debug set all all
(•) Replicate the issue
(•) To turn them off:
# adlog a d off
# pdp debug unset all all
# pdp debug off
# pep debug off
# pdp d reset
# pep d unset all all
Collect debug:
$FWDIR/log/pdpd.elg
# tar zcvf pdpd_debugs.tgz pdpd.elg*
# tar zcvf pepd_debugs.tgz pepd.elg*

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

Lesley — Wed, 18 Feb 2026 17:40:17 GMT

Never good idea to run base version without jumbo take. What about IDC? Or you use AD query? Are you able to fetch the fingerprints and branches in the ldap account unit?

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 17:42:30 GMT

Not sure if thats even related, but nevertheless, I always install latest jumbo in my lab the day it comes out.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

Vincent_Bacher — Wed, 18 Feb 2026 18:09:58 GMT

consider increasing the debug file size and number of rotations

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Wed, 18 Feb 2026 18:17:54 GMT

Yes, good point, Vince.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

the_rock — Thu, 19 Feb 2026 03:29:59 GMT

Hey Casper,

Mind sending the output of services.msc from your lab windows? I want to compare it to mine, see if its different.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

Vincent_Bacher — Thu, 19 Feb 2026 06:49:01 GMT

Is this question "Are you able to fetch the fingerprints and branches in the ldap account unit? " answered?
And are the debugs collected?

Asking because in pdpd.elg you can clearly see all details about ldap communication and due to the error message in the starting post i would says pdpd.elg will be helpful to see any hints.

Re: R82 + Windows Server 2025 – LDAPS Connection Fails

ghosty — Thu, 19 Feb 2026 09:46:20 GMT

Yes, fetch is working.

Debug files are attached.