IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

IMC v7.3 authentication server fail (LDAP)

 
jetsettronn
Occasional Advisor

IMC v7.3 authentication server fail (LDAP)

I have been confirguration completed but when log on via user in AD then error

Authentication server is not available. Please contact the administrator.

 

Capture.JPG

(https://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=4176520&docLocale=en_US&docId=emr_na-c05162547)

 

 

 

7 REPLIES
NeilR
Respected Contributor

Re: IMC v7.3 authentication server fail (LDAP)

If you are using AD as your LDAP server then you need to set Microsoft Active Directory as server type and sAMAccountName as Username attribute.

JasonL1
Frequent Advisor

Re: IMC v7.3 authentication server fail (LDAP)

While youre correct, you are also incorrect.

I have that setup properly but, I too get the same error, Authentication server is not available. I also get bits in the log about a Java certificate that is missing ont he DC. That seems odd to me.


2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.servlet.filters.UrlAccessController::doFilter] Access URL With No OperatorInfo: /imc/login.jsf?null from 10.5.2.18
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [INFO ] [Thread-64] [com.imc.ntam.config.ntatask.func.NoneConfigInfoReceiver::run] this.msgQueue.poll() : 0
2017-08-04 11:55:18 [INFO ] [Thread-64] [com.imc.ntam.config.ntatask.func.NoneConfigInfoReceiver::run] NoneConfigInfoReceiver run 0
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [ERROR] [http-nio-8080-exec-4] [com.imc.plat.operator.func.LdapUtils::authenticate] Failed to connect to LDAP Server
javax.naming.CommunicationException: simple bind failed: 10.0.128.33:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at com.imc.plat.operator.func.LdapUtils.authenticate(LdapUtils.java:192)
at com.imc.plat.operator.func.OperatorAuthMgrLdapImpl.authenticate(OperatorAuthMgrLdapImpl.java:55)
at com.imc.plat.operator.func.OperatorMgrImpl.localAuthentic(OperatorMgrImpl.java:2578)
at com.imc.plat.operator.func.OperatorMgrImpl.login(OperatorMgrImpl.java:2072)
at sun.reflect.GeneratedMethodAccessor3946.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy52.login(Unknown Source)
at com.imc.plat.operator.view.OperatorBean.onLogin(OperatorBean.java:1632)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.el.parser.AstValue.invoke(AstValue.java:279)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:273)
at org.apache.myfaces.view.facelets.el.ContextAwareTagMethodExpression.invoke(ContextAwareTagMethodExpression.java:96)
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:68)
at javax.faces.component.UICommand.broadcast(UICommand.java:120)
at javax.faces.component.UIViewRoot._broadcastAll(UIViewRoot.java:1041)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:289)
at javax.faces.component.UIViewRoot._process(UIViewRoot.java:1415)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:765)
at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:38)
at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:170)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.servlet.filters.FileUploadEncodingFilter.doFilter(FileUploadEncodingFilter.java:29)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:436)
at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:177)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcBrowserCacheInvalidFilter.doFilter(ImcBrowserCacheInvalidFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcNoEtagFilter.doFilter(ImcNoEtagFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcExpiresFilter.doFilter(ImcExpiresFilter.java:830)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.servlet.filters.UrlAccessController.doFilter(UrlAccessController.java:480)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1760)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1719)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:431)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:404)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:213)
... 87 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:384)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:134)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.validator.Validator.validate(Validator.java:236)
at com.imc.plat.operator.LdapX509TrustManager.validate(LdapX509TrustManager.java:101)
at com.imc.plat.operator.LdapX509TrustManager.checkServerTrusted(LdapX509TrustManager.java:82)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:885)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
... 100 more
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.plat.operlog.func.OperationLogMgrImpl::insertLog] moduleId: 3, description: Operator logged in.
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.plat.operlog.func.OperationLogMgrImpl::insertLog] [OperationLog] Operator:langlej,IP Address:10.5.2.18,Module Name:Platform,Operation:Operator logged in.,Result:FAILURE
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.res.device.dao.ResUsedLicenseCount::getUsedCount] resp.vcfPECount is : 0

NeilR
Respected Contributor

Re: IMC v7.3 authentication server fail (LDAP)

I'll try and correct.

The OP did not have require SSL checked. And if SSL is NOT checked, then it will work as I orginally described.

It looks like you have checked SSL, based on the logs, correct?

Assuming that is the case, if you check SSL you must:

  • Change the port to 636 - this is the cause of server not available message
  • Export the Root Certificate for your AD domain from the domain controller (not the DC's cert) and upload to IMC

If the wrong cert is uploaded the message will change to wrong authentication file or something like that.

Hopefully that helps - I have verified both SSL and non SSL configuration on my system, so if you are still having issues, there is some other problem.

JasonL1
Frequent Advisor

Re: IMC v7.3 authentication server fail (LDAP)

That has been the setup since the change to AD was made and yet, I still get the error  of "Authentication server is not available. Please contact the administrator." 

NeilR
Respected Contributor

Re: IMC v7.3 authentication server fail (LDAP)

Same issue on port 389 (no ssl) as 636?  For me that message indicated no traffic on port when I tested it.

Check windows firewall on both IMC and AD. Turn it off to verify or use wireshark

alexandr1187
Visitor

Re: IMC v7.3 authentication server fail (LDAP)

Hi. I have this same error. I use SSL connection with dc cert and port 636.
I solved this problem after analyses auth logs. It is JAVA problems. Change field "Admin DN" to formats user.name@dc.com(implat@imc.com). It is helped me.

Ratatosk
Advisor

Re: IMC v7.3 authentication server fail (LDAP)

Thanks! That did the trick here too! :)