iLO 4 Active Directory Integration Issues

chuckditta
Occasional Visitor

Hello all,

Current config is on a DL360p G8 with the latest iLO firmware (v. 2.03) installed.

I've configured my iLO for active directory integration both manually and using HPQLOMIG.exe.

I am using the Default Directory Schema with Kerberos Authentication disabled and Local User Account Enabled and am using LDAP Port 636.

When I attempt directory tests, it resolves the directory server name, successfully pings, and is able to connect to the directory server. It fails when it gets to "Connect using SSL", and the notes state that "You may need to install a cert for your server to allow SSL connections."

My DCs have a certificate installed and are able to connect/bind using SSL, as verified numerous times using LDP.exe.

Any insight someone can provide would be greatly appreciated, as nothing I have tried seems to be working.

Thanks in advance,

Chuck

2 REPLIES
GregHarms
Occasional Visitor

Re: iLO 4 Active Directory Integration Issues

Your scenario matches mine. Configuration and error messages.

Our AD support team recently migrated our enterprise to a new CA infrastructure and replaced SHA1/1024 certs on domain controllers with SHA2/2048. Broke directory-login on all of our ILOs (1/2/3/4) despite applying current firmware. We finally narrowed it down to bit size to find that SHA2/1024 certificates worked for ILO communication over LDAPS. Would not have thought to try that change if we hadn't found http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c03489319 which states "The certificates on the domain controllers must use 1024-bit encryption and not 2048-bit encryption." That's the only reference to the limitation we've found. Even the HP ILO Security guide has very little information on LDAPS connection parameters.

AD support team would prefer to use 2048-bit so we may be forced to retreat to maintaining local logins for our HP server remote consoles. Our Dell iDRACs had no trouble with the higher bits on the domain controller certs.
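
Editor's added example (not part of either post, and not HP tooling): a standard-library Python check that reports the RSA key size and signature algorithm of the certificate a domain controller presents on LDAPS, the two properties the reply above found to matter. The function names are hypothetical, and the DER walk assumes an RSA certificate.

```python
import ssl

# PKCS #1 signature OIDs; any other algorithm is reported as its raw OID.
SIG_NAMES = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
             "1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's contents into (tag, value)
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid(raw):
    """Dotted string for a DER-encoded OBJECT IDENTIFIER value."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def inspect_cert(der):
    """Return signature algorithm and RSA modulus size of a DER certificate."""
    tbs = children(children(read_tlv(der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:                  # optional explicit [0] version field
        tbs = tbs[1:]
    sig = oid(children(tbs[1][1])[0][1])   # tbs: serial, signature, issuer, ...
    alg, key_bits = children(tbs[5][1])    # subjectPublicKeyInfo
    if oid(children(alg[1])[0][1]) != RSA_ENCRYPTION:
        raise ValueError("not an RSA key")
    modulus = children(children(key_bits[1][1:])[0][1])[0][1]  # skip unused-bits byte
    return {"signature": SIG_NAMES.get(sig, sig),
            "rsa_bits": int.from_bytes(modulus, "big").bit_length()}

def inspect_ldaps(host, port=636):
    """Fetch the certificate a directory server presents on LDAPS and inspect it."""
    pem = ssl.get_server_certificate((host, port))   # fetch only, no chain validation
    return inspect_cert(ssl.PEM_cert_to_DER_cert(pem))
```

Call `inspect_ldaps()` with the name of each domain controller the iLO is configured to use and compare `rsa_bits` across them before and after a CA migration.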

adkg12
Occasional Contributor

Re: iLO 4 Active Directory Integration Issues

Has this been fixed?  Our OAs and VCM.. and tons of ilos are all messed up...

adkg12