IMC v7.3 authentication server fail (LDAP)

jetsettronn — Fri, 21 Jul 2017 02:48:06 GMT

I have been confirguration completed but when log on via user in AD then error

Authentication server is not available. Please contact the administrator.

(https://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=4176520&docLocale=en_US&docId=emr_na-c05162547)

Re: IMC v7.3 authentication server fail (LDAP)

NeilR — Fri, 21 Jul 2017 18:33:25 GMT

If you are using AD as your LDAP server then you need to set Microsoft Active Directory as server type and sAMAccountName as Username attribute.

Re: IMC v7.3 authentication server fail (LDAP)

JasonL1 — Fri, 04 Aug 2017 18:12:57 GMT

While youre correct, you are also incorrect.

I have that setup properly but, I too get the same error, Authentication server is not available. I also get bits in the log about a Java certificate that is missing ont he DC. That seems odd to me.

2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.servlet.filters.UrlAccessController::doFilter] Access URL With No OperatorInfo: /imc/login.jsf?null from 10.5.2.18
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [INFO ] [Thread-64] [com.imc.ntam.config.ntatask.func.NoneConfigInfoReceiver::run] this.msgQueue.poll() : 0
2017-08-04 11:55:18 [INFO ] [Thread-64] [com.imc.ntam.config.ntatask.func.NoneConfigInfoReceiver::run] NoneConfigInfoReceiver run 0
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [ERROR] [http-nio-8080-exec-4] [com.imc.plat.operator.func.LdapUtils::authenticate] Failed to connect to LDAP Server
javax.naming.CommunicationException: simple bind failed: 10.0.128.33:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at com.imc.plat.operator.func.LdapUtils.authenticate(LdapUtils.java:192)
at com.imc.plat.operator.func.OperatorAuthMgrLdapImpl.authenticate(OperatorAuthMgrLdapImpl.java:55)
at com.imc.plat.operator.func.OperatorMgrImpl.localAuthentic(OperatorMgrImpl.java:2578)
at com.imc.plat.operator.func.OperatorMgrImpl.login(OperatorMgrImpl.java:2072)
at sun.reflect.GeneratedMethodAccessor3946.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy52.login(Unknown Source)
at com.imc.plat.operator.view.OperatorBean.onLogin(OperatorBean.java:1632)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.el.parser.AstValue.invoke(AstValue.java:279)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:273)
at org.apache.myfaces.view.facelets.el.ContextAwareTagMethodExpression.invoke(ContextAwareTagMethodExpression.java:96)
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:68)
at javax.faces.component.UICommand.broadcast(UICommand.java:120)
at javax.faces.component.UIViewRoot._broadcastAll(UIViewRoot.java:1041)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:289)
at javax.faces.component.UIViewRoot._process(UIViewRoot.java:1415)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:765)
at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:38)
at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:170)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.servlet.filters.FileUploadEncodingFilter.doFilter(FileUploadEncodingFilter.java:29)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:436)
at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:177)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcBrowserCacheInvalidFilter.doFilter(ImcBrowserCacheInvalidFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcNoEtagFilter.doFilter(ImcNoEtagFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcExpiresFilter.doFilter(ImcExpiresFilter.java:830)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.servlet.filters.UrlAccessController.doFilter(UrlAccessController.java:480)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1760)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1719)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:431)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:404)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:213)
... 87 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:384)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:134)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.validator.Validator.validate(Validator.java:236)
at com.imc.plat.operator.LdapX509TrustManager.validate(LdapX509TrustManager.java:101)
at com.imc.plat.operator.LdapX509TrustManager.checkServerTrusted(LdapX509TrustManager.java:82)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:885)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
... 100 more
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.plat.operlog.func.OperationLogMgrImpl::insertLog] moduleId: 3, description: Operator logged in.
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.plat.operlog.func.OperationLogMgrImpl::insertLog] [OperationLog] Operator:langlej,IP Address:10.5.2.18,Module Name:Platform,Operation:Operator logged in.,Result:FAILURE
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.res.device.dao.ResUsedLicenseCount::getUsedCount] resp.vcfPECount is : 0

Re: IMC v7.3 authentication server fail (LDAP)

NeilR — Fri, 04 Aug 2017 19:08:22 GMT

I'll try and correct.

The OP did not have require SSL checked. And if SSL is NOT checked, then it will work as I orginally described.

It looks like you have checked SSL, based on the logs, correct?

Assuming that is the case, if you check SSL you must:

Change the port to 636 - this is the cause of server not available message
Export the Root Certificate for your AD domain from the domain controller (not the DC's cert) and upload to IMC

If the wrong cert is uploaded the message will change to wrong authentication file or something like that.

Hopefully that helps - I have verified both SSL and non SSL configuration on my system, so if you are still having issues, there is some other problem.

Re: IMC v7.3 authentication server fail (LDAP)

JasonL1 — Tue, 08 Aug 2017 11:56:52 GMT

That has been the setup since the change to AD was made and yet, I still get the error of "Authentication server is not available. Please contact the administrator."

Re: IMC v7.3 authentication server fail (LDAP)

NeilR — Tue, 08 Aug 2017 17:01:18 GMT

Same issue on port 389 (no ssl) as 636? For me that message indicated no traffic on port when I tested it.

Check windows firewall on both IMC and AD. Turn it off to verify or use wireshark

Re: IMC v7.3 authentication server fail (LDAP)

alexandr1187 — Tue, 08 May 2018 13:13:20 GMT

Hi. I have this same error. I use SSL connection with dc cert and port 636.
I solved this problem after analyses auth logs. It is JAVA problems. Change field "Admin DN" to formats user.name@dc.com(implat@imc.com). It is helped me.

Re: IMC v7.3 authentication server fail (LDAP)

Ratatosk — Wed, 09 May 2018 09:30:16 GMT

Thanks! That did the trick here too! :)

topic Re: IMC v7.3 authentication server fail (LDAP) in IMC

IMC v7.3 authentication server fail (LDAP)

Re: IMC v7.3 authentication server fail (LDAP)

Re: IMC v7.3 authentication server fail (LDAP)

Re: IMC v7.3 authentication server fail (LDAP)

Re: IMC v7.3 authentication server fail (LDAP)

Re: IMC v7.3 authentication server fail (LDAP)

Re: IMC v7.3 authentication server fail (LDAP)

Re: IMC v7.3 authentication server fail (LDAP)