
Re: LDAPS configuration - Virtual Connect Manager

 
toddTH
New Member

LDAPS configuration - Virtual Connect Manager

Hi,

I am trying to configure LDAP integration in Virtual Connect Manager (v3.70). I believe I have provided all relevant information correctly, including the search context & AD certificate, but when I test the settings, I get an error message "The certificate provided by the ldap server is invalid" (it seems like an AD certificate issue).

I have successfully tested LDAP integration of OA logins with the same setting & AD certificate, but VC logins fail.

I have removed the AD certificate for LDAP integration of OA & Virtual Connect Manager; OA works perfectly, but Virtual Connect is still getting the same error.

Is it a must to upload the AD certificate for VC LDAP integration?

Any hint for a possible cause?


Thanks

 

5 REPLIES 5
Matt Sebel
Advisor

Re: LDAPS configuration - Virtual Connect Manager

I know this post is quite old, but I've just run into the same issue. Did you ever find a solution?

KZijlmans
Occasional Visitor

Re: LDAPS configuration - Virtual Connect Manager

Hi all,
I'm having the same issue as described above.

I've issued an internal certificate to the referenced domain controller and while testing the LDAP settings in VC the following error is displayed: "The certificate provided by the LDAP server is invalid".

In the system log of that domain controller the error "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 51. (Schannel, event 36887)" is displayed.

According to http://blogs.msdn.com/b/kaushal/archive/2012/10/06/ssl-tls-alert-protocol-amp-the-alert-codes.aspx this error means: "Failed handshake cryptographic operation, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message."

The certificate I'm using is a V3 certificate with a sha256 signature hash algorithm and a key size of RSA 2048 bits. The same certificate is used in OA 4.01 for LDAP authentication without any problems, but is this type of certificate somehow incompatible with VC 4.10? Importing the certificate to VC doesn't make any difference.

Can someone point me to the minimal requirements for a certificate to set up LDAP authentication in VC?
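
Added example, not part of the original post and not HP or Microsoft code: a small triage script that reads Schannel messages worded like the one quoted above, maps the TLS alert code to its RFC 5246 name, and says what kind of failure the peer that sent the alert is reporting. The category grouping and hint wording are assumptions of this example, and every sample line except the first is constructed.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2), grouped by what they point at.
ALERTS = {
    40: ("handshake_failure", "negotiation"),
    42: ("bad_certificate", "certificate"),
    43: ("unsupported_certificate", "certificate"),
    44: ("certificate_revoked", "certificate"),
    45: ("certificate_expired", "certificate"),
    46: ("certificate_unknown", "certificate"),
    48: ("unknown_ca", "trust"),
    51: ("decrypt_error", "crypto"),
    70: ("protocol_version", "negotiation"),
    71: ("insufficient_security", "negotiation"),
}
# Hint text is this example's own wording (assumption), not vendor guidance.
HINTS = {
    "trust": "peer does not trust the issuing CA: check which CA certificate it holds",
    "certificate": "peer rejected the certificate: check dates, usage, revocation",
    "crypto": "peer failed a cryptographic step such as verifying a signature: "
              "compare the signature and key algorithms with what the peer supports",
    "negotiation": "no common protocol version or cipher suite",
    "unknown": "alert code not in this table: look it up in the TLS alert registry",
}
# Matches the Schannel wording quoted in the post above.
EVENT_RE = re.compile(
    r"fatal alert was received from the remote endpoint\.\s*"
    r"The TLS protocol defined fatal alert code is (\d+)", re.IGNORECASE)

def triage(lines):
    """Return one finding per Schannel 'alert received' line; skip other lines."""
    findings = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        code = int(m.group(1))
        name, category = ALERTS.get(code, ("unrecognized", "unknown"))
        findings.append({"code": code, "name": name,
                         "category": category, "hint": HINTS[category]})
    return findings

# Constructed sample: the first line is the message from the post, the rest are made up.
SAMPLE = [
    "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 51.",
    "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 48.",
    "Unrelated event text without an alert code.",
    "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 120.",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['code']:>3} {f['name']:<18} {f['hint']}")
```

Code 51 lands in the crypto group rather than the trust group (48, unknown_ca), so the alert itself does not point at a missing CA certificate on the client.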

Psychonaut
Respected Contributor

Re: LDAPS configuration - Virtual Connect Manager

Is your Functional Level at 2012? If so, I ran into this last fall and was told it would be fixed with VC 4.20, which isn't out yet.

KZijlmans
Occasional Visitor

Re: LDAPS configuration - Virtual Connect Manager

Thanks for your reply! We've built a new environment from scratch and set the domain functional level to Windows Server 2012 R2. I guess we'll have to wait for VC 4.20...

Matt Sebel
Advisor

Re: LDAPS configuration - Virtual Connect Manager

So, we had (I say had) the same problem and came here looking for the answer but no one seems to have one, but here's what happened to us:

 

Everything was working fine using LDAP on VC 3.70 and then the certificates on our LDAP servers were upgraded, making auth to VC 3.70 with LDAP error out. I opened a case with HP and they said something about it being fixed in 4.20 BUT I have another stack with VC 4.10 and everything was still working fine. Well, you can imagine this really confused HP support because based off of the information I received about the certs on the LDAP servers, 4.10 should not have worked at that time. Well, I performed an upgrade of our 3.70 stack last weekend to 4.10 and it is now working again. I can't say why and HP support doesn't seem to understand either, but it is working now.