- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- ILO2-Login-Problem with LDAPS, Cisco Loadbalancer ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-23-2010 05:07 AM
тАО12-23-2010 05:07 AM
ILO2-Login-Problem with LDAPS, Cisco Loadbalancer and Active Directory
The "Directory tests" from the ILO2-Config-Pages was successful with both LDAP-Config-Servers. Both LDAP-Servers are pingable from the client.
I think the ActiveX Controls for the domain/name format translation have a problem, but I don't know which :-(.
Did anyone know what is the problem ?
Our Systemconfig is the follow one:
Client:
Windows Vista SP2
IE8.0.6001.18975
Server with ILO2:
Typ: ProLiant BL460c G6
ILO2-Firmware: 2.01
Loadbalancer:
Cisco ACE4710
Version A3(2.5)
AD-Server:
OS: Windows Server 2008 R2
Role: Active Directory Domain Service
Domain Functional Level: Windows Server 2003
Forest Functional Level: Windows Server 2008 R2
Thanks for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-23-2010 05:51 AM
тАО12-23-2010 05:51 AM
Re: ILO2-Login-Problem with LDAPS, Cisco Loadbalancer and Active Directory
The problem is, that the Loadbalancer should only route the LDAPS-Port (Port 636). Esspecialy the port 135 and the random ports are not very helpful.
What solutions are possible, if the LDAP-Server which is configured in ILO2 is not a Windows Server, without to open a big range on Cisco Loadbalancer ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-24-2010 12:49 PM
тАО12-24-2010 12:49 PM
Re: ILO2-Login-Problem with LDAPS, Cisco Loadbalancer and Active Directory
you may refer to ILO 2 security guide to know about the ports used by ILO.
refer to page 23
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00212796/c00212796.pdf
this will help you to understand what all ports are required to be opened for ILO LDAP integration to work.
thanks,
Aftab
Looking for a quick resolution to a technical issue for your HPE products? HPE Support Center Knowledge-base тАУ Just a Click Away!
See Self Help Post for more details
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-02-2011 10:30 PM
тАО01-02-2011 10:30 PM
Re: ILO2-Login-Problem with LDAPS, Cisco Loadbalancer and Active Directory
The problem makes the ActiveX Control on the ILO-Login-Page. This ActiveX Control runs on the client, where you want to login via Browser onto the ILO-Website. If you use a LDAP-conform Logincontext like CN=Username,OU=Organization,DC=domain,DC=com this Control isn't needed. You can login without problems.
But if you use the Loginname like DOMAIN\Username or Username@Domain.com the ActiveX Control on your client tries to translate this syntax into LDAP-conform context.
This ActiveX Control opens a connection from your client to the Directroy Service on Port 135. Then it use a random port between 1024 and 65535. But it use the same server from the ilo-config.
In our case, this is the loadbalancer, which offer only port 636 to the directory service. All other connections to the directory service must use the direct connection to the directory service servers (Domain Controller).
It would be helpful, if the ActiveX Control use one port to transform the Username (for example the global catalog on port TCP/3269) or if you could set the serversettings especially for the Username-transformation.
Is it possible to integrate this option into ILO-config ? This would be great !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-04-2011 06:41 AM
тАО01-04-2011 06:41 AM
Re: ILO2-Login-Problem with LDAPS, Cisco Loadbalancer and Active Directory
You need to look at Microsoft documentation to see if it would be possible to configure/bind those port numbers.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!