Cisco Support Community
New Member

CIMC Encrypted AD authentication with Server 2012

Hello -

We had our CIMCs configured to use encrypted AD authentication and until we began to update the domain controllers to Server 2012, everything worked fine. Since the 2012 DCs have been introduced, encrypted authentication no longer works. The message "Login failed. Verify that your username and password are correct." is displayed.

The following is found in the CIMC log:

pam_ldap_manager(webgui:account): Can't contact LDAP server, error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol: Please check the correct Certificate Authority (CA) certificate has been uploaded to AVCT.  Please also check if the AVCT date is within the valid period of the certificates and the Domain Controller Address configured in AVCT matches the subject of the directory server certificate: user=username@domain.com, host=xxx.xxx.xxx.xxx

This is repeated for each configured DC in the Active Directory Properties tab. Changing the configuration to a 2008R2 DC allows for a successful authentication.

Interestingly, SSH connections are still able to authenticate using AD accounts.

Testing has been done primarily on a UCS C260M2 (C260.1.5.1.0), CIMC ver 1.5(1b), AD Domain / Forest functional level - Windows Server 2008R2, Domain Controllers - Windows Server 2012 Enterprise (Core)

Does anyone have any suggestions on how to get encrypted authentication working against Server 2012 DCs?
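An added triage example (not part of the original post, and not Cisco tooling): it parses log entries shaped like the one quoted above, splits the OpenSSL error code into its library, function and reason numbers, and counts failures per domain controller. It assumes the pre-3.0 OpenSSL packed error layout; the sample lines and host addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the log entry quoted in the post.
# Hosts are documentation addresses, not values from the thread.
SAMPLE_LOG = """\
pam_ldap_manager(webgui:account): Can't contact LDAP server, error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol: Please check ...: user=username@domain.com, host=192.0.2.10
pam_ldap_manager(webgui:account): Can't contact LDAP server, error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol: Please check ...: user=username@domain.com, host=192.0.2.11
pam_ldap_manager(webgui:account): some unrelated message
"""

# module(service:phase): ... error:<hex code>:<lib>:<func>:<reason>: ... user=..., host=...
LINE_RE = re.compile(
    r"^(?P<module>\w+)\((?P<service>[^:)]+):(?P<phase>[^)]+)\):.*?"
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>[^:]+):"
    r".*user=(?P<user>[^,\s]+),\s*host=(?P<host>\S+)\s*$"
)

def unpack_code(code_hex):
    """Split a packed OpenSSL error code (assumed pre-3.0 layout:
    8-bit library, 12-bit function, 12-bit reason) into three numbers."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_line(line):
    """Return a dict of fields for a TLS failure entry, or None if no match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["lib_no"], rec["func_no"], rec["reason_no"] = unpack_code(rec["code"])
    return rec

def failures_by_host(log_text):
    """Count TLS failures keyed by (DC host, OpenSSL function, reason text)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["host"], rec["func"], rec["reason"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(failures_by_host(SAMPLE_LOG).items()):
        print(n, *key)
```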

1 REPLY
Cisco Employee

Hello Rob,

We need logs to further troubleshoot this issue.

Please open a TAC service request with CIMC techsupport log bundle.

Thanks

Padma
