Installation Manual

ManualsBrandsTechBenchSystems ManualsComputers & AccessoriesDell PowerEdge R610 Virtualization Server 2.53GHz 8-Core E5540 32GB 2x146GB PERC6

181

182

183

184

185

186

187

188

189

190

182 Using the iDRAC6 Directory Service

I enabled certificate validation but my Active Directory login failed.

I ran the diagnostics from the GUI and the test results show the following

error message:

ERROR: Can't contact LDAP server, error:14090086:SSL

routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:

Please check the correct Certificate Authority (CA) certificate has been

uploaded to iDRAC. Please also check if the iDRAC date is within the valid

period of the certificates and if the Domain Controller Address configured

in iDRAC matches the subject of the Directory Server Certificate.

What could be the problem and how can I fix it?

If certificate validation is enabled, iDRAC6 uses the uploaded CA certificate

to verify the directory server certificate when iDRAC6 establishes the SSL

connection with the directory server. The most common reasons for failing

certification validation are:

The iDRAC6 date is not within the valid period of the server certificate or

CA certificate. Please check your iDRAC6 time and the valid period of

your certificate.

The domain controller addresses configured in iDRAC6 do not match the

Subject or Subject Alternative Name of the directory server certificate. If

you are using an IP address, please read the following question and answer.

If you are using FQDN, please make sure you are using the FQDN of the

domain controller, not the domain, for example,

servername.example.com

instead of

example.com.

I'm using an IP address for a domain controller address and I failed

certificate validation. What's the problem?

Check the

Subject or Subject Alternative Name

field of your domain controller

certificate. Usually Active Directory uses the hostname, not the IP address, of

the domain controller in the

Subject or Subject Alternative Name

field of the

domain controller certificate. You can fix the problem in several ways:

Configure the hostname (FQDN) of the domain controller as the

domain

controller address(es)

on iDRAC6 to match the Subject or Subject

Alternative Name of the server certificate.

Re-issue the server certificate to use an IP address in the Subject or

Subject Alternative Name field so it matches the IP address configured in

iDRAC6.