HP BladeSystem Onboard Administrator User Guide - HP Business ...
o Test Operator
o TestOperator@Domain.com
o DOMAIN\Test Operator
5. Enter the corresponding password used for this account. You have full access to interconnect bays but not to any server blades.
Troubleshooting LDAP on Onboard Administrator
To verify that SSL is working on the Domain Controllers in your domain, open a browser and then navigate to https://<domain controller>:636 (substitute your Domain Controller for <domain controller>). You can substitute <domain> in place of <domain controller>, which goes to DNS to verify which Domain Controller is currently answering requests for the domain. Test multiple Domain Controllers to verify that all of them have been issued a certificate. If SSL is operating properly on a Domain Controller (for example, a certificate has been issued to it), the Security dialog prompts you to either proceed with accessing the site or view the certificate. If you click Yes, a webpage does not appear; the purpose of the test is only to make the Security dialog appear. A server that is not accepting connections on port 636 displays the "page cannot be displayed" message. If this test fails, the Domain Controller is not accepting SSL connections, possibly because a certificate has not been issued. This process is automatic, but might require a reboot.
To avoid a reboot:
1. On the Domain Controller, load the Computer Account MMC snap-in, and then navigate to the Personal->Certificates folder.
2. Right-click the folder, and then choose Request New Certificate. The type default is Domain Controller.
3. Click Next, and then repeat until the Domain Controller issues the certificate.
A second method for troubleshooting SSL is to go to the DC, and then run the following command:
C:\> netstat -an | find /i "636"
If the server is listening for requests on port 636, the following response appears:
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING
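The browser test and the netstat check above can be scripted so that every Domain Controller is tested from one workstation. The following Python sketch is an added example, not part of the HP guide; the function name check_ldaps and its status labels are assumptions chosen for illustration.

```python
import socket
import ssl
import sys


def check_ldaps(host, port=636, timeout=5.0):
    """Classify the SSL state of one Domain Controller's port 636.

    status values (labels are this example's own):
      closed     - nothing accepted the TCP connection (the browser's
                   "page cannot be displayed" case)
      tls_failed - the port is open but no SSL/TLS session was set up
      untrusted  - a certificate was presented, but this workstation does
                   not trust it (the browser's Security dialog case)
      ok         - a certificate was presented and validated
    For the guide's test, both "untrusted" and "ok" mean the Domain
    Controller has a certificate and is answering SSL.
    """
    # Phase 1: plain TCP connect, equivalent to checking for a listener.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"host": host, "status": "closed", "detail": str(exc)}

    # Phase 2: TLS handshake with normal chain and host name verification.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"host": host, "status": "ok",
                    "detail": "expires " + cert.get("notAfter", "unknown")}
    except ssl.SSLCertVerificationError as exc:
        return {"host": host, "status": "untrusted",
                "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"host": host, "status": "tls_failed", "detail": str(exc)}
    finally:
        raw.close()


if __name__ == "__main__":
    # Pass Domain Controller host names as arguments; none are built in.
    for dc in sys.argv[1:]:
        result = check_ldaps(dc)
        print("{host}: {status} ({detail})".format(**result))
```

A result of tls_failed on a server where netstat shows port 636 in the LISTENING state points to the certificate steps that follow.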
A third issue might be that the domain controllers have not auto-enrolled. The DCs can take up to 8 hours to auto-enroll and get their certificates issued because MS uses GPO to make the DCs aware of the newly installed CA. You can force this by running DSSTORE -pulse from the DCs (the tool is in the w2k reskit). It is triggered by winlogon. Therefore, for auto-enrollment to function, you must log off and then log on again. The certificates appear automatically in the CA's Issued Certs list. Make sure the CA is not listing them in Pending Certs. If it is, change the CA to auto issue certificates when a request comes in.
If the auto-enrollment feature still does not function, request the certificate using the following procedure:
1. On the Domain Controller, open MMC, and then add Certificate Snap-in (Computer Account).
2. Navigate to Personal, and then right-click the folder.
3. Click Request New Cert, and then click Next.
4. Enter a name for the certificate.
If an RPC error occurs, verify that the CA is listed in DNS and that the CA is running.
If the wizard does not start, force the server to see the CA and then allow the wizard to run:
To speed up the GPO process and make the DCs acknowledge the CA, use one of the following commands:
• Windows® 2003: Gpupdate /force
• Windows® 2000: Secedit /refreshpolicy machine_policy /enforce
Enabling LDAP Directory Services Authentication to Microsoft Active Directory