
HPE OneView Global Dashboard - Active Directory connection

 
Jumper007
Visitor


I'm having an issue connecting the Global Dashboard to our Active Directory domain. I managed to add the CA certificate to the trusted certificates, and when I try to connect to our AD by adding an AD it gives the alert below. Tried renewing the CA cert and starting over. Same result. I use version 1.8 because version 1.9 seemed unstable.

The CA certificate with common name CANAMEXXXX used for signing the incoming certificate with common name is not a trusted certificate.

Resolution
Add the certificate and retry the operation. To add the missing certificate you can use import certificate option under Settings -> Security -> Manage certificates.
 
Any thoughts? 
 
Best regards
Davy Crijns
Jeroen_Kleen
HPE Pro

Re: HPE OneView Global Dashboard - Active Directory connection

Hello Davy, we are checking in on the resolution. We know that some customers have issues with the certificate, such as spaces or special characters in the name or alias. Can you check for empty spaces or special characters in the name, or replace spaces with '_'? In addition, what type of certificate are you using? Single, multiple/wildcard?
Normally we would ask for more specific details on the certificate, but as this is a public forum that is not advised.

If we can't resolve it today over the web then it might be wise to log a formal support ticket so we can look at your certificate in a more trusted and closed communication.

Best Regards, Jeroen

 

(I am an HPE employee)
Jumper007
Visitor

Re: HPE OneView Global Dashboard - Active Directory connection

It's a single CA certificate, yes (no * cert), for a local domain (not internet facing). I'll open a support ticket next to this post. No special characters in the server name; the cert name is like "domain-servername-ca". The OneView server certificate was generated and imported perfectly, and the CA cert was also added to the cert trust store.

Other OneView appliances authenticate just fine with AD.

FM-ISS
Frequent Advisor

Re: HPE OneView Global Dashboard - Active Directory connection

Hello Jumper, please check this document with some tips. I went through the same issue; I've reviewed all the steps to put the Global Dashboard into the AD CA. Maybe the syntax is the issue. I got help from a Microsoft PFE.

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00067633en_us 


I'm an HPE employee


Bruce_Lundeby
Frequent Advisor

Re: HPE OneView Global Dashboard - Active Directory connection

Have you loaded the CA-root certificate CANAMEXXXX into the Global Dashboard Certificate Trust Store? That CA-root certificate must be in the Certificate Trust Store with Global Dashboard 1.80.

Starting in Global Dashboard 1.90 you have the option of Force Leaf Trust, which will allow you to add the AD server certificate without the CA-root certificate being present in the Certificate Trust Store. Note that the CA-root certificate will still need to be in the Certificate Trust Store if you wish to use two-factor authentication.

Note that you may choose to add the AD server certificate to the Certificate Trust Store by using the AD server URL and port 636 or 3269 (as appropriate) if you prefer. This may save you some time while you are diagnosing the issue compared to providing all the AD server settings in the GUI to test.

I am an HPE employee

Jumper007
Visitor

Re: HPE OneView Global Dashboard - Active Directory connection

Sorry if it wasn't clear, as mentioned in the previous post, I already added the root CA to the trusted certificates. It's when I try to make a connection to AD that the message appears. 

Bruce_Lundeby
Frequent Advisor

Re: HPE OneView Global Dashboard - Active Directory connection

Is this still a problem? I sent a private message but have not seen a response. 

I would suggest getting a Support Dump and opening a Support Case. The Support Dump would allow the Global Dashboard team to get more detailed information for diagnosis.

Check that the IP address and FQDN in the AD server certificate match the actual server values. That includes what the DNS server returns. Check the DNS server configured in the appliance network settings.

Add the AD server certificate to Global Dashboard via the Certificate Trust Store using the AD server URL and port 636 to look at the certificate details.

I am an HPE employee.

Jumper007
Visitor
Solution

Re: HPE OneView Global Dashboard - Active Directory connection

We checked the Trusted Root Certificate Authorities and noticed 3 double certificates in this certificates folder. We removed the doubles and exported the certificate. As the AD connection now works after this change it is safe to conclude this resolved our issue. AD connection possible now and appliances were also added.
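
One way to list entries that share a subject name in a root store, as an added example that is not part of the original post or HPE's tooling. It assumes the "Trusted Root Certificate Authorities" folder mentioned above is the Windows `LocalMachine\Root` store; the function name `Get-DuplicateRootCertificate` is hypothetical.

```powershell
# Added example, not from the thread. Assumes the "Trusted Root Certificate
# Authorities" folder is the Windows LocalMachine\Root certificate store.
function Get-DuplicateRootCertificate {
    param(
        # Certificates to inspect; defaults to the local machine root store.
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $Certificate = (Get-ChildItem -Path Cert:\LocalMachine\Root)
    )

    $Certificate |
        Group-Object -Property Subject |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            foreach ($cert in $_.Group) {
                # The Subject Key Identifier shows whether two entries with the
                # same subject use the same key pair or different ones.
                $ski = $cert.Extensions |
                    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension] } |
                    Select-Object -First 1

                [pscustomobject]@{
                    Subject      = $cert.Subject
                    Thumbprint   = $cert.Thumbprint
                    SerialNumber = $cert.SerialNumber
                    NotBefore    = $cert.NotBefore
                    NotAfter     = $cert.NotAfter
                    Expired      = ($cert.NotAfter -lt (Get-Date))
                    SubjectKeyId = if ($ski) { $ski.SubjectKeyIdentifier } else { $null }
                }
            }
        } |
        Sort-Object -Property Subject, NotBefore
}

# Review the output before removing anything from the store.
Get-DuplicateRootCertificate | Format-Table -AutoSize
```

Entries with the same subject but different thumbprints are distinct certificates, so compare validity dates and key identifiers before deciding which copy to keep and export.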