Shield AD authentication error: peer not authenticated

That helped somewhat. It got me to a new error:

[2016-09-07 14:58:52,726][WARN ][shield.authc.activedirectory] [node_test01] authentication failed for user [KibanaTest]: failed to connect to any active directory servers
cause: com.unboundid.ldap.sdk.LDAPException: An error occurred while attempting to connect to server mydomain.com:636: java.io.IOException: Hostname verification failed because the expected hostname 'mydomain.com' was not found in peer certificate 'subject='CN=domaincontroller.mydomain.com' dNSName='domaincontroller.mydomain.com''.

Our domain is load-balanced between three DCs, and the DC that was indicated in the error message was one of them. Is this indicative of me needing to add load-balancing settings to the configuration, more information in the keystore, both, or something else? I read through the information in another question posted here (link). I tried hostname_verification: false, but that produced read timeout errors on the socket. Any ideas?
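
The comparison behind the error message above, as an added example that is not part of the original post and is not Shield or UnboundID code: it parses the failure text and applies a generic RFC 6125-style name match, which is an assumption about the rule and not the library's exact implementation. The function names and `SAMPLE` are hypothetical.

```python
import re

# Constructed sample: the "cause" text from the log above, trimmed to the IOException part.
SAMPLE = (
    "java.io.IOException: Hostname verification failed because the expected "
    "hostname 'mydomain.com' was not found in peer certificate "
    "'subject='CN=domaincontroller.mydomain.com' "
    "dNSName='domaincontroller.mydomain.com''."
)


def parse_failure(text):
    """Pull the expected hostname, subject CN and dNSName entries out of the error text."""
    expected = re.search(r"expected hostname '([^']+)'", text)
    if expected is None:
        return None
    cn = re.search(r"subject='CN=([^,']+)", text)
    return {
        "expected": expected.group(1),
        "cn": cn.group(1) if cn else None,
        "dns_names": re.findall(r"dNSName='([^']+)'", text),
    }


def name_matches(cert_name, host):
    """Case-insensitive label comparison; '*' may only replace the whole left-most label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) > 2 and c[1:] == h[1:]
    return c == h


def verify(expected, dns_names, cn=None):
    """Use dNSName entries when present; fall back to the subject CN only if there are none."""
    candidates = dns_names or ([cn] if cn else [])
    return any(name_matches(name, expected) for name in candidates)


def explain(text):
    """Return (expected hostname, certificate names, verdict) for one failure message."""
    f = parse_failure(text)
    if f is None:
        return None
    names = f["dns_names"] or ([f["cn"]] if f["cn"] else [])
    return f["expected"], names, verify(f["expected"], f["dns_names"], f["cn"])


if __name__ == "__main__":
    print(explain(SAMPLE))
```

Under this rule the check passes only when the name the client connects to is itself listed in the certificate; a wildcard entry such as `*.mydomain.com` covers each DC's FQDN but not the bare `mydomain.com`.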