diff --git a/lib/srv/desktop/windows_server.go b/lib/srv/desktop/windows_server.go
index e79925fb00d00..e3e53a8e0ae68 100644
--- a/lib/srv/desktop/windows_server.go
+++ b/lib/srv/desktop/windows_server.go
@@ -526,8 +526,13 @@ func (s *WindowsService) initializeLDAP() error {
 		s.ldapInitialized = false
 
 		// failures due to timeouts might be transient, so retry more frequently
+		//
+		// TODO(zmb3): errors.Is does not work properly on ldap.Error
+		// (remove the extra errors.As() check when https://github.com/go-ldap/ldap/pull/461 merges)
 		retryAfter := windowsDesktopServiceCertRetryInterval
-		if errors.Is(err, context.DeadlineExceeded) {
+		var ldapErr *ldap.Error
+		if errors.Is(err, context.DeadlineExceeded) ||
+			(errors.As(err, &ldapErr) && errors.Is(ldapErr.Err, context.DeadlineExceeded)) {
 			retryAfter = ldapTimeoutRetryInterval
 		}