- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: ILO doesn't understand Windows 2003 certificat...
Server Management - Remote Server Management
1748279
Members
4220
Online
108761
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-01-2006 02:40 AM
тАО09-01-2006 02:40 AM
ILO doesn't understand Windows 2003 certificate
I have to configure around 80 HP Integrated Lights-Out (iLO) to use Windows 2003 Directory Default Schema. But I cannot make it work.
In Windows 2003 the Domain Controller certificate was replaced by Domain Controller Authentication certificate.
With Domain Controller Authentication certificate for windows 2003, ILO returns the following error
Accepting Directory Server certificate for signed by /DC=ch/DC=xxx/DC=xxx/CN=xxx Enterprise CA 1-b
Unable to establish SSL connection with directory server.
You may need to install a certificate for your server to allow SSL connections.
Consult the iLO User Guide for details.
Ceasing tests.
Some diagnostics FAILED for server xxx.xxx.xxx.ch
With Domain Controller certificate for windows 2000 everything works.
When a Domain Controller Authentication certificate is installed it supersedes the Domain Controller certificate, so I can't keep the old certificate. The new certificate has the old features and also some new, but it doesn't work.
I've read the ILO docs and it's supposed to support Windows 2003.
Have HP envisaged to issue a new firmware supporting Windows 2003 Active Directory, or do you have any solution to the actual problem?
In Windows 2003 the Domain Controller certificate was replaced by Domain Controller Authentication certificate.
With Domain Controller Authentication certificate for windows 2003, ILO returns the following error
Accepting Directory Server certificate for signed by /DC=ch/DC=xxx/DC=xxx/CN=xxx Enterprise CA 1-b
Unable to establish SSL connection with directory server.
You may need to install a certificate for your server to allow SSL connections.
Consult the iLO User Guide for details.
Ceasing tests.
Some diagnostics FAILED for server xxx.xxx.xxx.ch
With Domain Controller certificate for windows 2000 everything works.
When a Domain Controller Authentication certificate is installed it supersedes the Domain Controller certificate, so I can't keep the old certificate. The new certificate has the old features and also some new, but it doesn't work.
I've read the ILO docs and it's supposed to support Windows 2003.
Have HP envisaged to issue a new firmware supporting Windows 2003 Active Directory, or do you have any solution to the actual problem?
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-05-2006 10:56 AM
тАО09-05-2006 10:56 AM
Re: ILO doesn't understand Windows 2003 certificate
Hi, here , you may try this
Resetting the iLO to defaults in the ROM based setup will set the certificate to the iLO self-certified version. The administrator needs to note the settings for the iLO as they will need to be reentered after the reset to defaults. The settings that will need to be reentered include the networking, DHCP, DNS, and Directory information as well as the user account information.
There is also a reset_rib command as part of the CLI that should accomplish the same as the reset to defaults via the ROM based setup.
Alternately, the certificate can be overwritten by generating a request for a certificate on the iLO, submitting the request to a CA to get a certificate and importing the resulting certificate on the iLO. The certificate is specific to the request, so a certificate cannot be reimported.
This is from a Cu advisory you can find at Hp.com
Resetting the iLO to defaults in the ROM based setup will set the certificate to the iLO self-certified version. The administrator needs to note the settings for the iLO as they will need to be reentered after the reset to defaults. The settings that will need to be reentered include the networking, DHCP, DNS, and Directory information as well as the user account information.
There is also a reset_rib command as part of the CLI that should accomplish the same as the reset to defaults via the ROM based setup.
Alternately, the certificate can be overwritten by generating a request for a certificate on the iLO, submitting the request to a CA to get a certificate and importing the resulting certificate on the iLO. The certificate is specific to the request, so a certificate cannot be reimported.
This is from a Cu advisory you can find at Hp.com
You heve a question... I have an aswer!!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-05-2006 11:09 PM
тАО09-05-2006 11:09 PM
Re: ILO doesn't understand Windows 2003 certificate
Thank you for your reply, but I was refering to the DC certificate, so ILO can connect to the DC using ssl.
The ILO certificate already works.
The ILO certificate already works.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-16-2006 04:51 AM
тАО10-16-2006 04:51 AM
Re: ILO doesn't understand Windows 2003 certificate
In fact it wasn't a ILO related problem.
Someone had modified the Domain Controller Authentication certificate template and put the minimum key length to 2048, and ILO supports only 1024.
Thanks
LinkState
Someone had modified the Domain Controller Authentication certificate template and put the minimum key length to 2048, and ILO supports only 1024.
Thanks
LinkState
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP