SOLVED
Hi Johannes,
Kindly verify the pre-requisities mentioned in the user guide and provide us with the outcome.
Prerequisites for configuring authentication and directory server settings:
1.Verify that your iLO user account has the Configure iLO Settings privilege.
2.Install an iLO license that supports this feature.
3.Configure your environment to support Kerberos authentication or directory integration.
4.The Kerberos keytab file is available (Kerberos authentication only).
For more information please refer HPE iLO 5 User Guide (Page number 249 - 256)
Link: https://support.hpe.com/hpesc/public/docDisplay?docId=a00018324en_us
BR,
Shruthi
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Hi,
Please log a case with the HPE support team for further assistance on this since the pre-requirements are already met.
Link to log a case: https://support.hpe.com/portal/site/hpsc/scm/home?ac.admitted=1470780193089.125225703.1938120508
Br,
Shruthi
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Hi Johannes
The certificates on the domain controllers must use 1024-bit encryption and not 2048-bit encryption. As per Microsoft KB article Q321051 the private keys must not have strong protection enabled to be able to use third party LDAP over SSL authentication. For authentication to work correctly between iLO and the domain controller in AD, the domain controller must have LDAP over SSL capabilities. This means the domain controller must have a certificate assigned by a Certificate Authority. See the Microsoft Knowledge Base for more information on installing a Certificate Server on a domain controller so that other domain controllers can automatically obtain certificates. The existing PKI infrastructure can be used to obtain certificates. For information about this, refer to Microsoft Knowledge Base article in the following URL.
Click on below link to access the article titled "How to enable LDAP over SSL with a third-party certification authority"
For an alternate method to check SSL, use the Microsoft ldp.exe tool. If AD authentication fails, check the event log for an LDAP error.
In addition above action also check by reset iLO from iLO web console.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
I Suspect the issue with Directory Server & Certificate Authority .
Verifying an LDAP connection using below steps.
1. Start the Active Directory Administration Tool (Ldp.exe).
2. On the Connection menu, click Connect.
3. Type the name of the domain controller to which you want to connect.
a. You must use a proper DNS name for the SSL test to work.
4. Type 636 as the port number and check the SSL box
5. Click OK.
I work for HPE
HI
Can you please let me know after how many days you see this issue ??
I work for HPE