If you’ve worked with connecting to Active Directory using an LDAP connection, you know that the unsecured LDAP connection port is 389, and the secured connection port is 636.  One thing that you may not have come across is when you have a Domain Controller that is also a Global Catalog you need to use a different port set for connecting, the unsecured connection port then becomes 3268 and the secured connection port is then 3269.  It’s something that’s very easy thing to change, but can be a huge PITA if you don’t know what’s going on.