ProLiant Servers (ML,DL,SL)

ILO LDAP Configuration not working

 
SOLVED
Go to solution
SandurMavericK
HPE Pro

Re: ILO LDAP Configuration not working

Can you please let us know the what is " Directory User Context 1" defined in iLO ??


I work for HPE

Accept or Kudo

SandurMavericK
HPE Pro

Re: ILO LDAP Configuration not working

Can you please let us know the what is " Directory User Context 1" defined in iLO


I work for HPE

Accept or Kudo

Johannes_we
Advisor

Re: ILO LDAP Configuration not working

Everything is fine using ldp and actually every other tool works fine using LDAPs even these from HPE (3Par, Primera, Nimble, SSMC  etc )

Johannes_we
Advisor

Re: ILO LDAP Configuration not working

Hi @Eeswaran,

sorry i have no solution so far and stopped further deployment until i have a solution.
I hope this thread gets a little more tention to HPE because my case with them was not really helpful.

BR
Johannes

Eeswaran
Occasional Advisor

Re: ILO LDAP Configuration not working

Hi SandurMaverick,

Thanks for the reply.

LDAP connection has been verified and it is working fine.
Domain authentication with LDAP Server working fine in 100's of servers during the notification of issue in a server ILO and this ensures that there is no issue with LDAP Connection
All the servers ILO's are configured similarly.
"Directory User Context" 1 , 2 and 3 has been updated with common directory subcontexts.
Every other tools configured with the same LDAP is working fine
After Resetting the ILO, domain authentication works fine, but after sometime again the issue starts
From ILO User Guide, it has been mentioned that if CA Certificate is not imported, Certificate validation step is skipped, But whereas domain login authentication fails stating that “LDAP server certificate validation failed.” Attached the screenshots for reference.
This issue exists in all generations and firmwares, 2.55 to 2.73 for ILO4 and 2.10 to 2.18 for ILO5.

LDAPError.JPG

SandurMavericK
HPE Pro

Re: ILO LDAP Configuration not working

HI Eeswarna,

Thank you for letting us know the issue..

as per you description the issue doesn't start when configured for the first Time & Domain Login works fine..  but the issue starts when  you do the iLO reset after which you are seeing an issue of domain login failure  due to certificate  Validation failure.. i get your point . can you confirm  the domain user on which the issue is seen  is actually part of How many Security Groups ..

Command : to run on Domain Controller : dsquery user -samid ilouser | dsget user -memberof | dsget group -samid

 


I work for HPE

Accept or Kudo

Johannes_we
Advisor

Re: ILO LDAP Configuration not working

I´m having trouble with multiple users.

one is a test user only beeing  in the one group + "domain users" but still having that issue.

SandurMavericK
HPE Pro

Re: ILO LDAP Configuration not working

Hello Johannes_we & Eeswaran,

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows

Can you update the March 10, 2020 updates Secuirty Patches from Microsoft & See this gets resolved

 

 


I work for HPE

Accept or Kudo

SandurMavericK
HPE Pro
Eeswaran
Occasional Advisor

Re: ILO LDAP Configuration not working

HI SandurMavericK,

01. In our case we are using Service account, which is part of 2 Security groups and My Domain Account is part of many security groups. We even tested with a test account which is part of single security group. For all accounts we are receving the same issue.

02. Regarding the Microsoft March 10, 2020 patches MS has confirmed that, Updates will not make changes to LDAP signing or LDAP channel binding policies or their registry equivalent on new or existing domain controllers. Anyhow all our DC's are patched with all compatible patches released till July 2020

03. Verified the following registry in all the DC's: Security Providers is listed with 'pwdssp.dll'
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders