Troubleshooting
Microsoft® Active Directory® Theory and Operation with the Dell™ Chassis Management Controller
5
users using IP on your network back to the domain controller. Microsoft domain controllers are where
you setup all of these services, protocols, and objects.
When you setup Microsoft Active Directory you must first install a Microsoft Windows Server 2003 or
later, which is the only server software version currently supported by the Dell Chassis Management
Controller environment. After the server is installed, you turn it into a domain controller using the
built-in application DCPromo. This process promotes the server to a domain controller, and as part of
this process you install a Domain Name System (DNS), Active Directory Domain, such as
(yourcompany.com or a private address; your company.local).
DNS lets you access objects by names, and not the ID value associated with remembering a number. An
example of this is Dell.com is translated to an IP address in a browser and returns you to the Web site
by name. Installing a domain controller lets your company be identified as a name, and if you did not
have DNS, you would have to remember numbers, IP addresses, such as 192.168.34.87. Internet Service
Providers normally assign IP addresses to a network connection, and a good tool used in troubleshooting
DNS problems on Windows systems, servers, and clients, is nslookup. To test the connection, enter a
command at a CMD prompt; nslookup dell.com. The command returns the IP address for dell.com.
Enter this IP address into your browser, and it returns the dell.com Web site.
(Example only, data subject to change)
nslookup dell.com
Non-authoritative answer:
Name: dell.com
Addresses: 143.166.224.244
143.166.83.38
When DNS is set up, create a forward and reverse DNS record for your Dell Chassis Management
Controller. Forward records hold the name of the Dell Chassis Management Controller and reverse DNS
records hold the IP address of it. When troubleshooting DNS problems, always make sure that the
forward and reverse records are returned from DNS.
Note: The commands: ‘nslookup name’ returns an IP address and the ‘nslookup ip address’ returns a
name.
If you want to create a single sign-on or smartcard (SC) or (two factor authentication - TFA)
environment, you must install cryptography, known as certificate services (CS) on the domain
controller. CS lets you exchange certificates with the Dell Chassis Management Controller and the
Active Directory domain. When you exchange certificates you are creating a two way trust system. The
Active Directory domain controller trusts the device and the device trusts the Active Directory domain
controller. You can secure the communication using the secure socket layer (SSL) protocol in your
browser, when cryptography is installed. These two features use Kerberos; the Dell Chassis
Management Controller is compatible with only DES-CBC-MD5 encryption. On Windows 7 and later
workstations, this encryption must be enabled in the local computer policy. During the setup process
for these features, create a keytab file. This file is uploaded into the Dell Chassis Management
Controller, so that it can access the Active Directory domain.