When performing Directory Synchronization, the following error is received:
"Common Error 0xe100002c. Cannot make the LDAP connection with host: domaincontroller.domain.com port: 636."
From the Migration Console and the Directory Synchronization Agent (DSA) server, it is possible to telnet to domaincontroller.domain.com on port 636.
The Directory Synchronization Agent (DSA) cannot connect to the Domain Controller (DC) because of a public key mismatch; port 636 uses a secure LDAP connection.
To resolve the issue, ensure that the native ldp utility can also connect successfully to the DC on port 636.
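The symptom above (telnet to port 636 succeeds, but the secure LDAP connection fails) can be narrowed down by testing TCP reachability and the TLS handshake separately. The PowerShell function below is an added example, not part of the original article or the product; `Test-LdapsHandshake` is a hypothetical name and the host name is the placeholder from the error message.

```powershell
# Added example (hypothetical helper): separates "port is open" from "TLS handshake works".
function Test-LdapsHandshake {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port = 636
    )
    $result = [ordered]@{
        ComputerName = $ComputerName; Port = $Port
        TcpConnected = $false; TlsHandshake = $false
        Subject = $null; NotAfter = $null; PolicyErrors = $null; Error = $null
    }
    $script:ldapsPolicyErrors = $null
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: plain TCP connect, the same thing a telnet test proves.
        $client.Connect($ComputerName, $Port)
        $result.TcpConnected = $true

        # Record certificate validation errors instead of aborting on them, so the
        # report shows why a client would reject the certificate.
        # Diagnostic only: no credentials or data are sent over this stream.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $certificate, $chain, $sslPolicyErrors)
            $script:ldapsPolicyErrors = $sslPolicyErrors
            return $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)

        # Step 2: TLS handshake; the name passed here is checked against the certificate.
        $ssl.AuthenticateAsClient($ComputerName)
        $result.TlsHandshake = $true

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Subject      = $cert.Subject
        $result.NotAfter     = $cert.NotAfter
        $result.PolicyErrors = $script:ldapsPolicyErrors   # None, name mismatch, or chain errors
        $ssl.Dispose()
    }
    catch { $result.Error = $_.Exception.GetBaseException().Message }
    finally { $client.Close() }
    [pscustomobject]$result
}

# Placeholder host name taken from the error message.
Test-LdapsHandshake -ComputerName 'domaincontroller.domain.com'
```

Run it on the DSA server so the result reflects that machine's certificate trust store. `TcpConnected = True` with `TlsHandshake = False`, or a `PolicyErrors` value other than `None`, points at the certificate rather than at network connectivity.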
Alternatively, specify the preferred DC for the DSA:
1. Select Tools | Options | Agent Manager and select the computer where DSA is installed.
2. Select View | Properties and, for Preferred DC, specify a DC name that can be resolved via DNS from the computer where the DSA is installed.
Refer to Microsoft KB Article ID 938703 - "How to troubleshoot LDAP over SSL connection problems":