Policy Server was connecting to Active Directory over a secure channel (LDAP over SSL) as a Policy Store or a User Store.
It had been working fine, but suddenly it permanently lost its connection to AD.
Connecting via LDAP (without SSL) works, but that blocks users from changing their password.
Policy Server: R12.52 SP1 (not limited to a specific version or OS)
Active Directory: Windows Server 2008 (R2) or Windows Server 2012 (R2)
The Active Directory domain controller certificate was silently renewed with the wrong certificate template (the Domain Controller Authentication template), resulting in a certificate whose Subject lacks a CN value.
The Netscape LDAP SDK that Policy Server uses for the "LDAP" namespace requires the CN (Subject Name) field of the certificate, so the secure connection fails.
* Certificate auto-renewal kicks in 6 weeks before expiry, which is why the template change went unnoticed.
Resolution: issue a new certificate to the domain controller using the "Domain Controller" template.
* This issue does not occur when using the AD namespace.
[Domain Controller Template]
Here the SUBJECT NAME is built from the information available in Active Directory.
[Domain Controller Authentication Template]
Here the SUBJECT NAME is "None" by default.
Instead, the template adds an ALTERNATE SUBJECT NAME (SAN) using the DNS name.
The following screenshot shows that the template used for the original Active Directory certificate was the "Domain Controller" template.
It also shows that the SUBJECT has a value of TESTMC1.ssl.lab.
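To confirm from the Policy Server side which kind of certificate the domain controller is presenting, the following added script (not part of this article or of the Policy Server product) connects to the LDAPS port with Python's standard ssl module and reports whether the Subject carries a commonName, which is the field the Netscape LDAP SDK requires. The two embedded sample certificates are constructed in the dictionary form that ssl.SSLSocket.getpeercert() returns: one mirrors a "Domain Controller" template certificate with a Subject CN, the other a "Domain Controller Authentication" template certificate whose name exists only in the SAN. The host name, port 636 and the optional CA bundle path are assumptions to replace with your own values.

```python
"""Check whether a domain controller's LDAPS certificate carries a Subject CN.

Added example, not from the KB article. The Netscape LDAP SDK used by the
Policy Server "LDAP" namespace needs a CN in the certificate Subject; a
certificate issued from the Domain Controller Authentication template has an
empty Subject and only a SAN, which this check flags as 'no-subject'.
"""
import socket
import ssl

LDAPS_PORT = 636  # assumed default LDAP-over-SSL port; adjust if your DC differs


def subject_common_name(cert):
    """Return the commonName from the Subject of a getpeercert() dict, or None."""
    for rdn in cert.get("subject", ()):
        for attr_type, value in rdn:
            if attr_type == "commonName":
                return value
    return None


def san_dns_names(cert):
    """Return the DNS entries of the subjectAltName extension (may be empty)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def assess_dc_certificate(cert):
    """Classify a DC certificate for use by the Policy Server LDAP namespace.

    Returns a dict with the CN found (if any), the SAN DNS names and a verdict:
      'ok'         - Subject CN present (what the Domain Controller template issues)
      'no-subject' - Subject CN missing (typical of the Domain Controller
                     Authentication template); the Netscape LDAP SDK rejects this
    """
    cn = subject_common_name(cert)
    sans = san_dns_names(cert)
    return {"cn": cn, "san_dns": sans, "verdict": "ok" if cn else "no-subject"}


def fetch_peer_certificate(host, port=LDAPS_PORT, cafile=None):
    """Connect to the DC over TLS and return its certificate as a getpeercert() dict.

    The chain must verify (CERT_REQUIRED) because getpeercert() returns an empty
    dict for an unverified peer; pass the enterprise CA bundle via `cafile` if it
    is not in the system trust store. Host name matching is switched off so that
    a certificate lacking a CN can still be inspected instead of being rejected
    before we get to look at it.
    """
    context = ssl.create_default_context(cafile=cafile)
    context.check_hostname = False
    context.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=10) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in getpeercert() form (not captured from a real DC).
SAMPLE_DC_TEMPLATE_CERT = {
    "subject": ((("commonName", "TESTMC1.ssl.lab"),),),
    "subjectAltName": (("DNS", "TESTMC1.ssl.lab"), ("DNS", "ssl.lab")),
}
SAMPLE_DC_AUTH_TEMPLATE_CERT = {
    "subject": (),  # empty Subject: the Domain Controller Authentication default
    "subjectAltName": (("DNS", "TESTMC1.ssl.lab"), ("DNS", "ssl.lab")),
}


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # Live check: python check_dc_cert.py <dc-hostname> [port] [ca-bundle.pem]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else LDAPS_PORT
        cafile = sys.argv[3] if len(sys.argv) > 3 else None
        print(assess_dc_certificate(fetch_peer_certificate(sys.argv[1], port, cafile)))
    else:
        # Offline demonstration on the constructed samples
        print(assess_dc_certificate(SAMPLE_DC_TEMPLATE_CERT))
        print(assess_dc_certificate(SAMPLE_DC_AUTH_TEMPLATE_CERT))
```

Run it with the domain controller's host name as the first argument from the Policy Server machine; a verdict of 'no-subject' with a populated san_dns list is the signature of a certificate renewed from the Domain Controller Authentication template, and re-issuing from the Domain Controller template should turn the verdict to 'ok' with the CN populated, as in the TESTMC1.ssl.lab screenshot above.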
Release: ESPSTM99000-12.51-Single Sign On-Extended Support Plus