Community
HPE OneView
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OneView Login Issue

SteveSC
SteveSC
Occasional Contributor

‎05-30-2018 12:33 AM

‎05-30-2018 12:33 AM

OneView Login Issue

Hello

Since our team updated OneView we have been getting the attached error message. We can login using the local Administrator credentials but cannot login using a domain account.

I have tried searching online and can find no articles for this specific issue. We did believe it may be a certificate issue but there are no indications that there is anything wrong with the certs on the appliance. The only issue I can see is that the CRL show as expired when they are in date.

Any advice would be appreciated.

0 Kudos
Reply
3 REPLIES
PeterWolfe
PeterWolfe
HPE Pro

‎05-30-2018 08:26 AM

‎05-30-2018 08:26 AM

Re: OneView Login Issue

Were the username/password fields not displayed on the screen? (or just omitted from the screen capture?)

The "could not negociate the desired level of security" doesn't imply a certificate issue. It implies a cipher suite issue (e.g. the TLS handshake failed to negotiate a cipher in common). Is there any special configuration on the AD side with regard to cipher suite support? OV itself can do TLS 1.0, 1.1, and 1.2 with all the standard ciphers supported.   

0 Kudos
Reply
PeterWolfe
PeterWolfe
HPE Pro

‎05-30-2018 09:04 AM

‎05-30-2018 09:04 AM

Re: OneView Login Issue

If you don't think it's related to TLS ciphers on the AD side, can you check you AD server certificates. Presumably you have multiple directory servers defined in OV for the the AD domian. In that case, you usually have a CA-root and or intermediates that have signed the AD server certs. That root and the intermediate(s) have to be in the trust store. Can you check the certificate chain and validate that's the case.  

0 Kudos
Reply
SteveSC
SteveSC
Occasional Contributor

2 weeks ago

2 weeks ago

Re: OneView Login Issue

Ive checked the certificate can for both of the AD servers we have and there are no issues.

The certificates are SHA2 so I would have presumed they would be fine. 

The only other thing I have been able to find is when attempting to add the certificate back to OV with the IP Address/Hostname I get the error:

"Secure connection to the device or server failed because the connection could not be negotiated at the desired level of security. 

HANDSHAKE_FAILED_DETAILS

Resolution Check if the device or server is compliant with the appliance cryptography mode."

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.