Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
ILO 2 Default Schema Authentication Problems

Frequent Advisor

Hello,

I've set up enough domain information to test auth into AD. I have 2 problems. 1: sometimes the ILO Directory settings screen hangs, forcing me to reload the browser session. It's not the browser hanging, just that Directory screen. It seems to go into an endless loop retrieving the config from the ILO. The settings I previously entered for AD and Groups are all blank. This is an ILO 2 v1.50.

Second problem, more of a question, does the SSL error "certificate does not match Directory Server" mean I will get authentication errors? Despite my erratic setup with the first problem, I am still able to test ... when I bash in a test username and PW I get that certificate error, and the authentication fails. Does the certificate need to match?


There's no present like time
5 REPLIES
Valued Contributor

Re: ILO 2 Default Schema Authentication Problems

Refer to the whitepaper below and check if it can provide some information on this.

Integrating HP ProLiant Lights-Out processors with Microsoft® Active Directory
http://bizsupport.austin.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf
Trusted Contributor

Re: ILO 2 Default Schema Authentication Problems

The certificate needs to match. If this is a test environment, you may want to reinstall the root CA in your AD.
Frequent Advisor

Re: ILO 2 Default Schema Authentication Problems

The error returned is "Warning: certificate does not match Directory Server Address"

In the Directory server config, I enter the domain name instead of a specific domain controller. This would be the most redundant setting, correct? I don't really want to specify a single D.C. in case that's down and I cannot log on to ILO with domain accounts.

Is there a recommended way to configure an ILO for logon redundancy? Can the certificate not matching error be ignored?



There's no present like time
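
The mismatch discussed in this thread, as an added example that is not part of any forum post and is not HP's or iLO's own code: a generic DNS-name comparison between the configured directory server address and the names in a server certificate. The host names are constructed, and the matching rules (case-insensitive, one wildcard as the whole left-most label) are an assumption about how a TLS client compares names, not a description of iLO firmware behaviour.

```python
# Added illustration: does the configured directory server address appear
# among the DNS names of the LDAPS server certificate?
# All host names are constructed sample values; the matching rules are assumed.

def name_matches(address, cert_name):
    """Case-insensitive DNS match; '*' is accepted only as the whole left-most label."""
    addr = address.lower().rstrip(".").split(".")
    name = cert_name.lower().rstrip(".").split(".")
    if len(addr) != len(name) or "" in addr:
        return False
    if name[0] == "*":
        # A wildcard covers exactly one label and needs a parent of two or more labels.
        return len(name) >= 3 and addr[1:] == name[1:]
    return addr == name


def check_directory_address(address, cert_dns_names):
    """Report which certificate names, if any, cover the configured address."""
    matched = [n for n in cert_dns_names if name_matches(address, n)]
    return {"address": address, "match": bool(matched), "matched_names": matched}


def audit(addresses, cert_dns_names):
    """Map each candidate directory server address to True (covered) or False."""
    return {a: check_directory_address(a, cert_dns_names)["match"] for a in addresses}


# Constructed sample data: a certificate naming only the domain controller,
# and one that also carries the AD domain name as an extra DNS name.
DC_CERT_NAMES = ["dc01.corp.example.com"]
DC_CERT_WITH_DOMAIN_NAME = ["dc01.corp.example.com", "corp.example.com"]
CANDIDATES = ["corp.example.com", "dc01.corp.example.com", "DC01.corp.example.com."]

if __name__ == "__main__":
    for label, names in (("DC name only", DC_CERT_NAMES),
                         ("DC name + domain name", DC_CERT_WITH_DOMAIN_NAME)):
        print(label)
        for address, ok in audit(CANDIDATES, names).items():
            print("  %-26s %s" % (address, "match" if ok else "does not match"))
```
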
Frequent Advisor

Re: ILO 2 Default Schema Authentication Problems

These are the test results I get. So it says it connects with SSL, passes the certificate check, but then doesn't bind, and fails the user authentication test.

It seems like the certificate warning doesn't prevent the authentication attempt, but that fails and I cannot see any logging on the DC that it's connected to.

Test Description                  Status
Ping Directory Server             Passed
Directory Server IP Address       Not run
Directory Server DNS Name         Passed
Connect to Directory Server       Passed
Connect using SSL                 Passed
Certificate of Directory Server   Passed
Bind to Directory Server          Not run
Directory Administrator login     Not run
User Authentication               Failed
User Authorization                Not run
Directory User Context 1          Not run
Directory User Context 2          Not run
Directory User Context 3          Not run
LOM Object exists                 Not run
LOM Object password               Not run

Warning: certificate does not match Directory Server Address
Unable to authenticate test user xxxxxxxx[Invalid credentials]
Ceasing tests.
Some diagnostics FAILED for server

There's no present like time
Frequent Advisor

Re: ILO 2 Default Schema Authentication Problems


...update .. following the tips at

http://forums12.itrc.hp.com/service/forums/questionanswer.do?threadId=1005787&admit=109447627+1217989567271+28353475


I can now log on to ILO but only with full name and not SAMaccount name.

This is pretty stupid - are HP going to allow this in the future?
There's no present like time