AADS 8.0.2 cert error 1

Status
Not open for further replies.

fondog2

Systems Engineer
Jan 19, 2006
335
US
Hello to all,
Deploying the above and after running the app install configs we are receiving install failed. WARNING: cannot verify xxxxxsmgr.com's certificate, issued by */DC=com/DC=company. Sorry, had to edit some of this syntax. Deploying this as a cluster and using our SMGR as the certificate authority. I have trouble with certs as most of us do because Avaya doesn't have much documentation on it, but I don't understand why it would fail with SMGR. I did look through the previous threads and so far I haven't found anything close for this error.

Thank you
 
Sounds like you're using 3rd party certs. Import the MS domain's CA cert to AADS via the utility before enrolling.
 
Kyle555,
Not sure I am understanding you. When you run the app configuration tool you have two options: use SMGR as the cert authority, or check no and give the path of the cert. Are you saying to import the cert that way? If so, can you then go back in and set SMGR as the authority through the GUI? First time deploying this so bear with me.
 
That option is if you have a 3rd party signed certificate for AADS.

The reason you're failing to enroll appears to be that SMGR is using a 3rd party signed cert and AADS can't just download that authority certificate from SMGR like it could if you were using SMGR signed certs everywhere.

There's another option further down in the menu that lets you import the 3rd party CA certificate from a local file.

So, check the SMGR CA certificate from your browser browsing to the SMGR webpage. You can export the certificate not as binary but as a .der file I think, save it as customerCA.pem, move it on to AADS with winscp and import it from that option further down.
 
Kyle555,
Sorry for the delay in response. ASM upgrades this past weekend. Thank you and I have added the correct cert provided by our security team. I also noticed as I upgraded our ASM's over the weekend that SMGR is now showing the DRS. It is stuck in repair as I am still unable to get past the LDAP settings. Checked my login, LDAP path and PSWD but still getting an error.

Error during connection test:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0c090xxx. comment AcceptSecurityContext err

Having our Security team see if something could be blocked or if they are getting a bad login or pswd. Did you get this error?

Thank you,
 
You mentioned network blocking being a possibility. If you connect from AADS CLI via TLS, what certificate do you get presented with? Is it the cert you are expecting? You can use the openssl s_client tool for this.

 

You should be able to login to the webpage with the local admin account.

Otherwise, in the LDAP config, the LDAP user should be specified as a distinguished name. So, if you just used the default domain Administrator for contoso.com, it'd be CN=Administrator,CN=Users,DC=contoso,DC=com
 
Alright guys,
I finally got this POS deployed. Thanks Kyle555 for the cert answers and you'll be getting a star from me. I did get my hands on a PPT doc that explains all of the LDAP parameters and I would like to share it with you but I don't know how to add a doc. I also am not sure if it is allowed. With this doc and our GURU working on LDAP we made it happen.

Thanks again.
 
:)

Get Softerra LDAP Browser. If you run it on a PC with a domain user logged in, you can connect to "the AD on this domain with my current credentials" and see what you need to validate info the customer/AD guys gave you.

In Active Directory Users and Computers, there's an advanced view where you can see a list of attributes, including a user's DN which is the CN=Your User,CN=Users, etc.

They're good tools to validate the domain config.

I'd also recommend using LDAPS:// on port 636 with the FQDN of the domain controller/global catalog server as MS will eventually shut down 389. If you do LDAPS, you have to import the Windows domain cert on the LDAP config screen and use the FQDN.
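The checks discussed in this thread (getting the exported CA certificate into PEM form, seeing which certificate a TLS endpoint presents via openssl s_client, and confirming it validates against the imported CA under the FQDN) can be scripted as below. This is an added example, not part of any post; the function names are made up for illustration and dc01.contoso.com is a placeholder host.

```shell
#!/bin/sh
# Added example, not from the thread. Host and file names are placeholders.

# Report how a certificate file is encoded: pem (Base64 text), der (binary) or unknown.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo der
    else
        echo unknown
    fi
}

# Write a PEM copy of a CA certificate, whichever encoding the export produced.
# usage: to_pem <exported-file> <out.pem>
to_pem() {
    case "$(cert_encoding "$1")" in
        pem) openssl x509 -in "$1" -out "$2" ;;
        der) openssl x509 -inform DER -in "$1" -out "$2" ;;
        *)   echo "not an X.509 certificate: $1" >&2; return 1 ;;
    esac
}

# Succeed only if <cert.pem> chains to the CA in <ca.pem>.
# usage: chain_ok <ca.pem> <cert.pem>
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the subject and issuer the server presents, then succeed only if the
# chain validates against <ca.pem> and the certificate matches the FQDN.
# usage: check_endpoint <fqdn> <port> <ca.pem>
#   e.g. check_endpoint dc01.contoso.com 636 customerCA.pem
check_endpoint() {
    _out=$(openssl s_client -connect "$1:$2" -servername "$1" \
        -CAfile "$3" -verify_hostname "$1" </dev/null 2>&1) || true
    printf '%s\n' "$_out" | grep -E '^(subject|issuer)=|Verify return code' || true
    printf '%s\n' "$_out" | grep -q 'Verify return code: 0 (ok)'
}
```

A non-zero return from check_endpoint together with an unexpected issuer line points at the wrong CA file or at something intercepting the connection; a failure with the expected issuer usually means the name used to connect is not in the certificate.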
 
Yes, we used LDAPS; that was one of the cert issues we were having. We have never used this app before as we are not using Equinox out to mobile devices "YET". LOL I am sure that is on the list. I am in the process of configuring the US for phone backups, 46xxsettings and phone firmware. Then test it and verify the basics are working. I'll be searching through your other threads for this. Thank you again for the help.
 