I am putting a new BM 3.8 server into a tree with 2 other NW 6.0 SP4
servers. The BM server has NW 6.5 SP2 and BM SP2. I am doing a
"phased" roll-out, since I am working on a production server. Phase 1
was NAT and filtering, which works fine. Phase 2 is VPN. That is
where the problem started.

I copied the 657ha NICI TCP stack to Sys:\system and rebooted. The
server came up, and when I tried to load iManager I got an "internal
server error". Putting back the null stack resolved the issue, and
putting back the NICI stack caused the error again. The logger shows a
"failure to make LDAP connection" when Tomcat loads.

Heres what I have done:
Ran pkidaig, found SSL PublicSignatureKey not backlinked. Deleted and
recreated with C1.
Ran pkidiag again, and everything is fine.
In C1 validated Public Key and Trusted Root Certificates for each KMO,
all fine. (The CA is on a NW 6.0 server, if that matters.)
Checked LDAP server object for correct IP address.

Can someone offer some suggestions as where to go next?

TIA