cancel
Showing results for 
Search instead for 
Did you mean: 

OneView Login Issue

SteveSC
Occasional Contributor

OneView Login Issue

Hello

Since our team updated OneView we have been getting the attached error message. We can login using the local Administrator credentials but cannot login using a domain account.

I have tried searching online and can find no articles for this specific issue. We did believe it may be a certificate issue but there are no indications that there is anything wrong with the certs on the appliance. The only issue I can see is that the CRL show as expired when they are in date.

Any advice would be appreciated.

3 REPLIES
PeterWolfe
HPE Pro

Re: OneView Login Issue

Were the username/password fields not displayed on the screen? (or just omitted from the screen capture?)

The "could not negociate the desired level of security" doesn't imply a certificate issue. It implies a cipher suite issue (e.g. the TLS handshake failed to negotiate a cipher in common). Is there any special configuration on the AD side with regard to cipher suite support? OV itself can do TLS 1.0, 1.1, and 1.2 with all the standard ciphers supported.   

PeterWolfe
HPE Pro

Re: OneView Login Issue

If you don't think it's related to TLS ciphers on the AD side, can you check you AD server certificates. Presumably you have multiple directory servers defined in OV for the the AD domian. In that case, you usually have a CA-root and or intermediates that have signed the AD server certs. That root and the intermediate(s) have to be in the trust store. Can you check the certificate chain and validate that's the case.  

SteveSC
Occasional Contributor

Re: OneView Login Issue

Ive checked the certificate can for both of the AD servers we have and there are no issues.

The certificates are SHA2 so I would have presumed they would be fine. 

The only other thing I have been able to find is when attempting to add the certificate back to OV with the IP Address/Hostname I get the error:

"Secure connection to the device or server failed because the connection could not be negotiated at the desired level of security. 

HANDSHAKE_FAILED_DETAILS

Resolution Check if the device or server is compliant with the appliance cryptography mode."