- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: Cannot integrate with Active Directory - HP On...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-17-2016 12:57 AM
06-17-2016 12:57 AM
Re: Cannot integrate with Active Directory - HP OneView 2.00.07-0250853
Got it working today, at least partially.
Previous certificate: Domain Controller WK12k R2 template changed to use ECDH_P256 instead of RSA as the Cryptographic service Provider.
Trying to fetch certificate by not specifiying BASE-64: DOES NOT WORK, same error as earlier.
Specifying Personal Certificate of DC: DOES NOT WORK, says certificate "appears to be INVALID".
New certificate:
Domain Controller WK12k R2 template and all default settings, RSA as Cryptographic Service Provider.
Trying to fetch certificate by not specifiying BASE-64: DOES NOT WORK, same error as earlier.
Specifying Personal Certificate of DC: WORKS.
Could you try with a different CSA than RSA, e.g. ECDH_P256, Chris?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2016 11:32 AM
06-21-2016 11:32 AM
Re: Cannot integrate with Active Directory - HP OneView 2.00.07-0250853
Interesting finding: Using New-HPOVLdapServer, the certificate is fetched.
Still not possible with the UI in my environment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-24-2016 03:33 AM
06-24-2016 03:33 AM
Re: Cannot integrate with Active Directory - HP OneView 2.00.07-0250853
OK, most likely found the error.
HP OneView doesn't seem to support any other Cryptograhic Service Provider than RSA in certificates. When the chain is made up of Elliptical Curves (ECDH_P256) it will not recognize it. If just the personal certificate of the domain controller uses RSA, but the chain uses something else, e.g. ECDH_P256, you can add using BASE64, but not by fetching it automatically. RBAC will work, but it's a work-around.
This is something HP needs to address in a future OneView update!
- « Previous
-
- 1
- 2
- Next »