Re: LDAPS configuration - Virtual Connect Manager (400 Views)
Occasional Visitor
toddTH
Posts: 1
Registered: ‎06-17-2013
Message 1 of 6 (852 Views)

LDAPS configuration - Virtual Connect Manager

Hi,

I am trying to configure LDAP integration in Virtual Connect Manager (v3.70). I believe I have provided all relevant information correctly, including the search context & AD certificate, but when I test the settings, I get an error message "The certificate provided by the ldap server is invalid" (it seems like an AD certificate issue).

I have successfully tested LDAP integration of OA logins with the same settings & AD certificate, but VC logins fail.

I have removed the AD certificate for LDAP integration of OA & Virtual Connect Manager. OA works perfectly, but Virtual Connect is still getting the same error.

Is it a must to upload AD Certificate for VC LDAP integration??

Any hint for a possible cause??

Thanks

Advisor
Matt Sebel
Posts: 21
Registered: ‎04-30-2009
Message 2 of 6 (503 Views)

Re: LDAPS configuration - Virtual Connect Manager

I know this post is quite old, but I've just run into the same issue. Did you ever find a solution?

Occasional Visitor
KZijlmans
Posts: 2
Registered: ‎03-10-2014
Message 3 of 6 (451 Views)

Re: LDAPS configuration - Virtual Connect Manager

Hi all,
I'm having the same issue as described above.

I've issued an internal certificate to the referenced domain controller and while testing the LDAP settings in VC the following error is displayed: "The certificate provided by the LDAP server is invalid".

In the system log of that domain controller the error "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 51. (Schannel, event 36887)" is displayed.

According to http://blogs.msdn.com/b/kaushal/archive/2012/10/06/ssl-tls-alert-protocol-amp-the-alert-codes.aspx this error means: "Failed handshake cryptographic operation, including being unable to correctly verify a signature, decrypt a key exchange, or validate a finished message."

The certificate I'm using is a V3 certificate with a sha256 signature hash algorithm and a key size of RSA 2048 Bits. The same certificate is used in OA 4.01 for LDAP authentication without any problems, but is this type of certificate somehow incompatible with VC 4.10? Importing the certificate to VC doesn't make any difference.

Can someone point me to the minimal requirements for a certificate to set up LDAP authentication in VC?
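
For readers who have a packet capture of the failing LDAPS handshake, this is an added example (not part of the post above and not HP or Microsoft code) that decodes TLS alert records such as the fatal alert 51 reported in Schannel event 36887. The function name `parse_alerts` and the sample bytes are assumptions made for illustration; the alert names come from RFC 5246.

```python
import struct

# Alert descriptions from RFC 5246 section 7.2 (subset covering handshake
# and certificate failures).
ALERTS = {
    0: "close_notify", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security",
}
LEVELS = {1: "warning", 2: "fatal"}
ALERT_RECORD = 21  # TLS record content type for alerts


def parse_alerts(stream: bytes) -> list:
    """Walk concatenated TLS records and describe every alert record."""
    alerts, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5 : offset + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {offset}")
        offset += 5 + length
        if ctype != ALERT_RECORD:
            continue  # handshake, change_cipher_spec or application data
        if length != 2:
            # After ChangeCipherSpec the alert is encrypted and unreadable here.
            alerts.append({"version": (major, minor), "encrypted": True})
            continue
        level, code = body
        alerts.append({
            "version": (major, minor),
            "encrypted": False,
            "level": LEVELS.get(level, f"unknown({level})"),
            "code": code,
            "name": ALERTS.get(code, f"unassigned({code})"),
        })
    return alerts


# Constructed sample, not a real capture: a 4-byte dummy handshake record
# followed by a plaintext fatal alert carrying code 51.
SAMPLE = bytes.fromhex("1603030004deadbeef" "1503030002" "0233")

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert)
```

Feed it the raw TLS bytes sent in one direction of the connection; the direction in which the alert record appears tells you which endpoint rejected the handshake.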

Respected Contributor
Psychonaut
Posts: 212
Registered: ‎08-31-2011
Message 4 of 6 (427 Views)

Re: LDAPS configuration - Virtual Connect Manager

Is your Functional Level at 2012? If so, I ran into this last fall and was told it would be fixed with VC 4.20, which isn't out yet.

Occasional Visitor
KZijlmans
Posts: 2
Registered: ‎03-10-2014
Message 5 of 6 (417 Views)

Re: LDAPS configuration - Virtual Connect Manager

Thanks for your reply! We've built a new environment from scratch and set the domain functional level to Windows Server 2012 R2. I guess we'll have to wait for VC 4.20...

Advisor
Matt Sebel
Posts: 21
Registered: ‎04-30-2009
Message 6 of 6 (400 Views)

Re: LDAPS configuration - Virtual Connect Manager

So, we had (I say had) the same problem and came here looking for the answer but no one seems to have one, but here's what happened to us:

Everything was working fine using LDAP on VC 3.70 and then the certificates on our LDAP servers were upgraded making auth to VC 3.70 with LDAP error. I opened a case with HP and they said something about it being fixed in 4.20 BUT I have another stack with VC 4.10 and everything was still working fine. Well, you can imagine this really confused HP support because based off of the information I received about the certs on the LDAP servers, 4.10 should not have worked at that time. Well, I performed an upgrade of our 3.70 stack last weekend to 4.10 and it is now working again. I can't say why and HP support doesn't seem to understand either, but it is working now.
