×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

AADS 8.0.2 cert error

AADS 8.0.2 cert error

AADS 8.0.2 cert error

(OP)
Hello to all,
Deploying the above and after running the the app install configs we are receiving install failed. WARNING: cannot verify xxxxxsmgr.com's certificate, issued by */DC=com/DC=company. Sorry had to edit some of this syntax. Deploying this as a cluster and using our SMGR as the certificate authority. I have trouble with certs as most of us do because Avaya doesn't have much documentation on it, but I don't understand why it would fail with SMGR. I did look through the previous threads and so far I haven't found anything close for this error.

Thank you

RE: AADS 8.0.2 cert error

sounds like you're using 3rd party certs. Import the MS domain's CA cert to AADS via the utility before enrolling

RE: AADS 8.0.2 cert error

(OP)
Ky;e555,
Not sure I am understanding you. When you run the app configuration tool you have two options use SMGR as the cert authority or check no and give the path of the cert. Are you saying to import the cert that way? If so can you then go back in and set SMGR as the authority through the GUI? First time deploying this so bear with me.

RE: AADS 8.0.2 cert error

That option is if you have a 3rd party signed certificate for AADS.

The reason you're failing to enroll appears to be that SMGR is using a 3rd party signed cert and AADS can't just download that authority certificate from SMGR like it could if you were using SMGR signed certs everywhere.

There's another option further down in the menu that lets you import the 3rd party CA certificate from a local file.

So, check the SMGR CA certificate from your browser browsing to the SMGR webpage. You can export the certificate not as binary but as a .der file I think, save it as customerCA.pem, move it on to AADS with winscp and import it from that option further down.

RE: AADS 8.0.2 cert error

(OP)
Kyle555,
Sorry for the delay in response. ASM upgrades this past weekend. Thank you and I have added the correct cert provided by our security team. I also noticed as I upgraded our ASM's over the weekend that SMGR is now showing the DRS. It is stuck in repair as I am still unable to get past the LDAP settings. Checked my login, LDAP path and PSWD but still getting an error.

Error during connection test:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0c090xxx. comment AcceptSecurityContext err

Having our Security team see if something could be blocked or if they are getting a bad login or pswd. Did you get this error?

Thank you,

RE: AADS 8.0.2 cert error

You mentioned network blocking being a possibility. If you connect from AADS CLI via TLS what certificate do you get presented with the cert you are expecting? You can use the openssl s_client tool for this.

RE: AADS 8.0.2 cert error

https://stackoverflow.com/questions/31411665/ldap-...

You should be able to login to the webpage with the local admin account.

Otherwise, in the LDAP config, the LDAP user should be specified as a distinguished name. So, if you just used the default domain Administrator for contoso.com, it'd be CN=Administrator,CN=Users,DC=contoso,DC=com

RE: AADS 8.0.2 cert error

(OP)
Alright guys,
I finally got this POS deployed. Thanks Kyle555 for the cert answers and you'll be getting a star from me. I did get my hands on a PPT doc that explains all of the LDAP parameters and I would like to share it with you but I don't know how to add a doc. I also am not sure if it is allowed. With this doc and our GURU working on LDAP we made it happen.

Thanks again.

RE: AADS 8.0.2 cert error

:)

Get Softerra LDAP Browser. If you run it on a PC with a domain user logged in, you can connect to "the AD on this domain with my current credentials" and see what you need to validate info the customer/AD guys gave you.

In Active Directory Users and Computers, there's an advanced view where you can see a list of sttributes, including a user's DN which is the CN=Your User,CN=Users, etc

They're good tools to validate the domain config.

I'd also recommend using LDAPS:// on port 636 with the FQDN of the domain controller/global catalog server as MS will eventually shut down 389. If you do LDAPS, you have to import the Windows domain cert on the LDAP config screen and use the FQDN.

RE: AADS 8.0.2 cert error

(OP)
Yes we used LDAPS that was one of the cert issues we were having. We have never used this app before as we are not using Equinox out to mobile devices "YET". LOL I am sure that is on the list. I am in the process of configuring the US for phone backups, 46xxsttings and phone firmware. Then test it and verify the basics are working. I'll be searching through your other threads for this. Thank you again for the help.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close