https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7007450#M3051 <P>Were the username/password fields not displayed on the screen? (or just omitted from the screen capture?)</P><P>The "could not negociate the desired level of security" doesn't imply a certificate issue. It implies a cipher suite issue (e.g. the TLS handshake failed to negotiate a cipher in common). Is there&nbsp;any special configuration on the AD side with regard to cipher suite support?&nbsp;OV itself can&nbsp;do TLS 1.0, 1.1, and 1.2 with all the standard ciphers supported. &nbsp;&nbsp;</P> Wed, 30 May 2018 15:26:39 GMT PeterWolfe 2018-05-30T15:26:39Z https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7007388#M3050 <P>Hello</P><P>Since our team updated OneView we have been getting the attached error message. We can login using the local Administrator credentials but cannot login using a domain account.<BR /><BR />I have tried searching online and can find no articles for this specific issue. We did believe it may be a certificate issue but there are no indications that there is anything wrong with the certs on the appliance. The only issue I can see is that the CRL show as expired when they are in date.</P><P>Any advice would be appreciated.</P> Wed, 30 May 2018 07:33:36 GMT https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7007388#M3050 SteveSC 2018-05-30T07:33:36Z https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7007450#M3051 <P>Were the username/password fields not displayed on the screen? (or just omitted from the screen capture?)</P><P>The "could not negociate the desired level of security" doesn't imply a certificate issue. It implies a cipher suite issue (e.g. the TLS handshake failed to negotiate a cipher in common). Is there&nbsp;any special configuration on the AD side with regard to cipher suite support?&nbsp;OV itself can&nbsp;do TLS 1.0, 1.1, and 1.2 with all the standard ciphers supported. &nbsp;&nbsp;</P> Wed, 30 May 2018 15:26:39 GMT https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7007450#M3051 PeterWolfe 2018-05-30T15:26:39Z https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7007458#M3052 <P>If you don't think it's related to TLS ciphers on the AD side, can you check you AD server certificates. Presumably you have multiple directory servers defined in OV for the the AD domian. In that case, you usually have a CA-root and or intermediates that have signed the AD server certs. That root and the intermediate(s)&nbsp;have to&nbsp;be in the trust store. Can you check the certificate chain and validate that's the case. &nbsp;</P> Wed, 30 May 2018 16:04:28 GMT https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7007458#M3052 PeterWolfe 2018-05-30T16:04:28Z https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7014578#M3244 <P>Ive checked the certificate can for both of the AD servers we have and there are no issues.<BR /><BR />The certificates are SHA2 so I would have presumed they would be fine.&nbsp;</P><P>The only other thing I have been able to find is when attempting to add the certificate back to OV with the IP Address/Hostname I get the error:</P><P>"<SPAN>Secure connection to the device or server failed because the connection could not be negotiated at the desired level of security.&nbsp;</SPAN><BR /><BR /><SPAN>HANDSHAKE_FAILED_DETAILS</SPAN><BR /><BR /><SPAN>Resolution Check if the device or server is compliant with the appliance cryptography mode."</SPAN></P> Fri, 10 Aug 2018 11:10:48 GMT https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7014578#M3244 SteveSC 2018-08-10T11:10:48Z https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7015796#M3274 <P>Hi SteveSC<BR /><BR />I guess this thread is related to the other thread where you are running into issues with AD login.<BR />Can you open a support case with a support dump?<BR /><BR /><BR /></P> Fri, 24 Aug 2018 05:38:06 GMT https://community.hpe.com/t5/hpe-oneview/oneview-login-issue/m-p/7015796#M3274 BhaskarV 2018-08-24T05:38:06Z