Active Directory - Dell iDRAC7 User Manual

When accessing the iDRAC7 Web-based interface, a security warning is displayed stating that the SSL certificate host
name does not match the iDRAC7 host name.
iDRAC7 includes a default iDRAC7 server certificate to ensure network security while accessing through the Web-based
interface and remote RACADM. When this certificate is used, the Web browser displays a security warning because the
default certificate that is issued to iDRAC7 does not match the iDRAC7 host name (for example, the IP address).
To resolve this, upload an iDRAC7 server certificate issued to the IP address or the iDRAC7 host name. When generating
the CSR (used for issuing the certificate), make sure that the common name (CN) of the CSR matches the iDRAC7 IP
address (if certificate issued to IP) or the registered DNS iDRAC7 name (if certificate is issued to iDRAC7 registered
name).
To make sure that the CSR matches the registered DNS iDRAC7 name:
1. In iDRAC7 Web interface, go toOverview → iDRAC Settings → Network . TheNetwork page is displayed.
2. In the Common Settings section:
– Select the Register iDRAC on DNSoption.
– In the DNS iDRAC Name field, enter the iDRAC7 name.
3. Click Apply.

Active Directory

Active Directory login failed. How to resolve this?
To diagnose the problem, on the Active Directory Configuration and Management page, click Test Settings. Review the
test results and fix the problem. Change the configuration and run the test until the test user passes the authorization
step.
In general, check the following:
• While logging in, make sure that you use the correct user domain name and not the NetBIOS name. If you have a
local iDRAC7 user account, log into iDRAC7 using the local credentials. After logging in, make sure that:
– The Enable Active Directory option is selected on the Active Directory Configuration and Management page.
– The DNS setting is correct on the iDRAC7 Networking configuration page.
– The correct Active Directory root CA certificate is uploaded to iDRAC7 if certificate validation was enabled.
– The iDRAC name and iDRAC Domain name matches the Active Directory environment configuration if you are
using extended schema.
– The Group Name and Group Domain Name matches the Active Directory configuration if you are using standard
schema.
• Check the domain controller SSL certificates to make sure that the iDRAC7 time is within the valid period of the
certificate.
Active Directory login fails even if certificate validation is enabled. The test results display the following error message.
Why does this occur and how to resolve this?
ERROR: Can't contact LDAP server, error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please check
the correct Certificate Authority (CA) certificate has been uploaded to iDRAC7.
Please also check if the iDRAC7 date is within the valid period of the
certificates and if the Domain Controller Address configured in iDRAC7 matches
the subject of the Directory Server Certificate.
If certificate validation is enabled, when iDRAC7 establishes the SSL connection with the directory server, iDRAC7 uses
the uploaded CA certificate to verify the directory server certificate. The most common reasons for failing certification
validation are:
236