Users Guide
Using iDRAC6 Directory Service 167
If certificate validation is enabled, iDRAC6 uses the uploaded CA certificate
to verify the directory server certificate when iDRAC6 establishes the SSL
connection with the directory server. The most common reasons for failing
certification validation are:
• iDRAC6 date is not within the valid period of the server certificate or
CA certificate. Check iDRAC6 time and the valid period of
your certificate.
• The Domain Controller Addresses configured in iDRAC6 do not match
the Subject or Subject Alternative Name of the directory server certificate.
– If you are using an IP address, see "I am using an IP address for a
Domain Controller Address, and I failed certificate validation. What
is the problem?".
– If you are using FQDN, ensure you are using the FQDN of the domain
controller, and not the domain itself. For example, use
servername.example.com
and
not
example.com.
What should I check if I cannot log in to iDRAC6 using Active Directory?
First, diagnose the problem using the Test Settings feature. For directions,
see "My Active Directory log in failed. What do I do?"
Then, fix the specific problem indicated by the test results. For additional
information, see "Testing Your Configurations."
Most common issues are explained in this section. However, in general,
you should check the following:
1
Ensure that you use the correct user domain name during a log in and not
the NetBIOS name.
2
If you have a local iDRAC6 user account, log in to iDRAC6 using your
local credentials.
a
Ensure that the
Active Directory Enabled
check box is selected in the
Step 2 of 4 Active Directory Configuration and Management
page.
b
If you have enabled certificate validation, ensure that you have
uploaded the correct Active Directory root CA certificate to iDRAC6.
The certificate appears in the
Current Active Directory CA
Certificate
area. Ensure that iDRAC6 time is within the valid period
of the CA certificate.