Users Guide
Network security
While accessing the iDRAC Web interface, a security warning appears stating that the SSL certificate issued by the
Certificate Authority (CA) is not trusted.
iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and
remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC server certificate issued by a trusted CA
(for example, Microsoft Certificate Authority, Thawte or Verisign).
Why the DNS server not registering iDRAC?
Some DNS servers register iDRAC names that contain only up to 31 characters.
When accessing the iDRAC Web-based interface, a security warning is displayed stating that the SSL certificate host name
does not match the iDRAC host name.
iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and
remote RACADM. When this certificate is used, the Web browser displays a security warning because the default certificate that is issued
to iDRAC does not match the iDRAC host name (for example, the IP address).
To resolve this, upload an iDRAC server certificate issued to the IP address or the iDRAC host name. When generating the CSR (used for
issuing the certificate), make sure that the common name (CN) of the CSR matches the iDRAC IP address (if certificate issued to IP) or
the registered DNS iDRAC name (if certificate is issued to iDRAC registered name).
To make sure that the CSR matches the registered DNS iDRAC name:
1. In iDRAC Web interface, go to Overview > iDRAC Settings > Network. The Network page is displayed.
2. In the Common Settings section:
• Select the Register iDRAC on DNS option.
• In the DNS iDRAC Name field, enter the iDRAC name.
3. Click Apply.
Why am I unable to complete operations that involve a remote CIFS share?
Import/export or any other remote file share operations that involve a CIFS share fail if they use only SMBv1. Ensure that the SMBv2
protocol is enabled on the server providing SMB/CIFS share. Refer to the Operating System documentation on how to enable the SMBv2
protocol.
Active Directory
Active Directory login failed. How to resolve this?
To diagnose the problem, on the Active Directory Configuration and Management page, click Test Settings. Review the test results
and fix the problem. Change the configuration and run the test until the test user passes the authorization step.
In general, check the following:
• While logging in, make sure that you use the correct user domain name and not the NetBIOS name. If you have a local iDRAC user
account, log into iDRAC using the local credentials. After logging in, make sure that:
• The Active Directory Enabled option is selected on the Active Directory Configuration and Management page.
• The DNS setting is correct on the iDRAC Networking configuration page.
• The correct Active Directory root CA certificate is uploaded to iDRAC if certificate validation was enabled.
• The iDRAC name and iDRAC Domain name matches the Active Directory environment configuration if you are using extended
schema.
• The Group Name and Group Domain Name matches the Active Directory configuration if you are using standard schema.
• If the user and the iDRAC object is in different domain, then do not select the User Domain from Login option. Instead select
Specify a Domain option and enter the domain name where the iDRAC object resides.
• Check the domain controller SSL certificates to make sure that the iDRAC time is within the valid period of the certificate.
Active Directory login fails even if certificate validation is enabled. The test results display the following error message. Why
does this occur and how to resolve this?
ERROR: Can't contact LDAP server, error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check the correct
Certificate Authority (CA) certificate has been uploaded to iDRAC. Please also check if the
Frequently asked questions
291