VCS do not trust certificate - configuration of the LDAP user

I have a cluster of 2 Telepresence VCS-control in the same network (vlan) and a bunch of 2 telepresence Expressway to same DMZ network (vlan). And both are on the same site. The two masters counterparts I managed to synchronize the servers against the ldap server (AD), but two of the slave with the same config for users/certificate/ldap settings fail. .  "DNS Uable to resolve the address of the LDAP server It seems to me that the peers do not trust the certificate.

Newspapers that you attached are newspapers events and diagnostic logs not VCS. However according to these newspapers, it seems that VCS slave is not able to connect to the ldap server. If DNS resolution is probably ongoing, but the tcp/tls connection is not established.

I recommend to make a journal of diagnosis (Maintenance > Diagnostics > diagnostic logging) everything by reproducing the connection failed to see what part of the connection fails.

If you root for VCS slave access you may also connect as root via ssh and then run the following command:

> tcpdump-port tcp s0

Insert the port you use to connect to ldap in the field and then press ENTER. you will now see all the traffic to and from the port. Do you see some resets? Is traffic in one direction? This will help you understand why failure is implemented.

Tags: Cisco Support

Similar Questions

  • Cannot use Authenticate in the configuration of the LDAP user

    I'm deploying VIO in my LAB. I have a problem setting up the authentication source during deployment. When I put my AD information and provide the openstack admin user / password, then click on "Configuration Test user", I get this error: failed to authenticate to vio_user ", which is my account service with the admin rights.

    Even if I put my AD administrator password, I get the same error.

    If I click on the Test link, VIO connects to the ad without any problem, but the second part does not work for me ideas please?

    If you use Active Directory, it must be a domain account. I noticed on the screenshot you posted earlier you didn't DN listed at all, that may be your problem.

    Initially, I couldn't authentication works with my AD user as the admin of OpenStack, until my boyfriend added LDAP user OpenStack AD in the right group.

  • Question about deleting of the LDAP user and integration

    In the Document "Management Console Help", he States:

    "You can't invite accounts of users that are mastered in a user directory LDAP; These accounts are created automatically when you synchronize the LDAP directory. »

    This means that after you configure an LDAP domain, the users specified by the filter should be automatically attracted to OnTrack? I don't see the ldap users during execution of an empty search for the administration console. At this point, I can also connect to the OnTrack using a valid LDAP user. I was trying to see if OnTrack worked similar to the Complutense University of MADRID, where the OnTrack user account would create once the user logs in the application.

    What I can do, is go to "Create a user" and enter a valid ldap user's email address. then I see this user in the full search. This user can also connect successfully.

    I wanted to know what was the expected behavior: it should be a 'register' required ldap users in ontrack before auth in the app? Is there a synchronization process that must be executed to pull in the ldap users?

    Also, is it current best practices of removing users? I see in the administration console there is a note that says: "Note: removing users is not supported."

    As always, thanks for the info!


    Thank you
    -ryan

    Ryan Sullivan | ECMconsultant
    http://www.ecmconsultant.NET/
  • not able to connect to the database users

    Hello


    OS Oracle Solaris on SPARC (64-bit)
    database version 10.2.0.2



    There was a problem, one of the database, most of the applications were unable to connect, only 1 or 2 managed applications to connect, which totalled around 4 to 6 hours. Once the database has been recycle everything was ok, so what could be the reason? I have too many words from sr oracle, oracle specified as there was a sql with 13000 executions, also as 2 users have tried to update the same row in the table, so that users must commit frequently, just read the lines highlighted. My question is if there is a conflict of line, that would restrict other applications to connect to the database. And after reboot, everything was normal. I m wondering as is the resource_limit or max execeeded processes at this time this is why not able to sign in as user applications oracle unable to generate new processes.

    As I mentioned in the SR #, users could not establish connection to recycling of the database at all. So what is the root cause?




    Support of Oracle - December 06, 2010 16:01:13 GMT - 05:00 [Notes]

    Generic note
    ------------------------
    Report from the WORKING REPOSITORY for


    Snap Id Snap time Sessions sliders/Session
    BEGIN Snap: 14408 26 November 10 17:00:18 258 32.0
    End Snap: 14413 26 November 10 22:01:02 185 28.0
    Elapsed time: 300,74 (min.)
    DB time: 31,230.47 (min.)




    Top 5 timed events

    Event waits time Avg Wait (ms) % Total call time wait class
    enq: TX - 633 699 1 855 919 line lock conflict 99.0 2 929 Application < < < < # 1.8 million secondsdb file sequential read 2 434 765 11 577 5.6 user I/O
    Time CPU 7 758.4
    db file parallel write 269 025 1 012 4.1 system I/O
    db file scattered read 227 528 889 4.0 user I/O


    Time elapsed (s) hour (s) of the CPU executions Elap by Exec (s) % Total DB SQL SQL SQL text Module Id at the time of
    1 530 609 25 13 497 81,68 113.40 b3fzxpwsmj044 llserver@linkvprad1 (TNS V1 - V3) update KID set ID = ID + A1: where...


    single command which is close to 1.8 million seconds.

    update of b3fzxpwsmj044 KID set ID = ID + A1: where IDType = 0

    Segments of line lock waits
    Capture shows the line lock % % expected for each upper segment by report
    with the line total lock waits for all segments, captured by the snapshot
    Tablespace name object name subobject name owner Type obj. line lock waiting for Capture %
    TAB_ADM TAB_DATA KID TABLE 208 95,41 < < < < # object with line lock waits for even that above command


    UPDATE
    ========
    Hello

    It seems that many people have tried to run the same day order at the same time.
    (more than 13,000 executions)

    Update KID set ID = ID + A1: where IDType = 0

    and segment shows the same table.

    It is an application problem, two people can not update the same rows at the same time.
    OR
    After that the users update must initiate more timely work.

    sb92075 wrote:
    ..., but this has NOTHING to do with the connection problem & or not posted anything else.

    Not so sure. Is this connection to database, or application? The OP wrote "+ one of the basis of most of the applications were not able to connect, only 1 or 2 applications has managed to connect +", don't know what that means exactly, depends on how the application manage the connection. It can start with the search/update of this table where the problem may come from.

    Nicolas.

  • Get the LDAP user running a DBMS_JOB

    Hello!

    I am building an Application at the APEX 3.2 and the authentication scheme is a type of 'See the Page and use LDAP Directory IDs'.
    It all works very well.

    In this application, I give the possibility to download files and sometimes they are really big, so this download is executed by a job (DBMS_JOB. SUBMIT).
    Also works very well.

    My problem comes when I need to know what the user downloads the file!
    If I run it normally, not with a JOB, I can get the user using the package wwv_flow_custom_auth_std.get_username () and returns exactly what I want.
    But if I use this package inside employment it returns nothing.

    Is there a way to get the Apex user that triggered the work, when running it?

    I need this because I have a journal table, with the history of the records that have been updated / deleted and which update/remove the.

    Thank you

    Vania

    Vanya:

    You can do the following in the stored procedure

    Dbms_application_info package to set up "client_info" for the user name passed to the procedure

    dbms_application_info.set_client_info(p_user);
    

    The stored value can then be retrieved in the current session to help

    select sys_context('USERENV','CLIENT_INFO') into aud_user from dual;
    

    CITY

  • Google messaging security certificates and google fade not trust certificates.

    I don't use Google for anything else and block all their Internet sites and access to them to make sure. They already stole the mozilla community to make their chrome browser and I don't want to contribute following them anthing.

    Under certificates - other options-certificates-view www.google.com and mail.google.com are listed as trust builtin objects. When I delete them and restart firefox, they reappear.

    How can I get Google and nothing to do with it, out of Firefox.

    If the certificate came with Firefox (i.e.   in "integrated object token"), impossible to remove it at all, because it is stored in the read-only code.

  • FBus Monitor may not work with Configurator at the same time

    I am using NI USB-8486 material and I can get Fbus Configurator work on it. But whenever I run the FBus monitor, the Configurator will go wrong. (Device on the Fbus become invalid)

    I checked the Configuration OR-FBUS Interface utility, I have seen that the use of the port can be either OR-FBUS or Bus-monitor.  Since the USB-8486 only has a port, it means we can only support a single application (Configurator or monitor), instead of two at the same time?

    I'd appreciate any help!

    Hi Steve,.

    That's correct - USB-8486 can function as an interface device or monitor buses at the same time, and the role is configured in intensive care.

    If you want to have two roles at the same time work, you will need two NICs installed.

  • WIP 310 of configuration using the Web User Interface

    I just got my new WIP 310 - G2 phone and try to connect via my wireless router using the web interface of the phone.

    I don't see how I have the card information provided by my VoIP provider for different fields in the Web interface.

    I got information is of approximately

    • Name of user and password (phone number)?
    • Proxy IP and Port requested
    • Outgoing Port and Proxy number
    • Expire time
    • Time to package
    • DTMF relay
    • UDP Port number
    • RTP Port number

    Hope that somepone could help me with some links to documentation and advice on how to do it.

    See this link to configure WIP 310.

  • Windows vista does not open and goes to the other user that does not exist

    I try to open to all modes goes directly to any other user who has never been assigned a password. Now Icant open workstation to all the .whassup

    Hello

    1. don't you make changes on the computer until the problem started?
    2. how many accounts do you have on the computer?
    3 have you tried to start the computer in Safe Mode?

    If you are unable to start the computer in safe mode, and then try to run a system restore from the System Recovery Options menu.

    See these articles for help:
    http://Windows.Microsoft.com/en-us/Windows-Vista/what-are-the-system-recovery-options-in-Windows-Vista
    http://Windows.Microsoft.com/en-us/Windows-Vista/what-is-system-restore
    http://Windows.Microsoft.com/en-us/Windows-Vista/system-restore-frequently-asked-questions

    Kind regards
    Afzal Taher
    Microsoft technical support engineer

  • Problems of the LDAP USERS

    Hello guys, hope you had a great weekend.

    My question is this.

    We have 2 environments have all two OBIEE 11.7 installed on one is called DEV and other Production

    LDAP is configured on both servers and work perfectly.

    The problem is that on our PROD environment 3 users can not connect via LDAP, but on DEV they connect perfectly.

    Any suggestions of what might cause this problem?

    Concerning

    Benoit

    Using Catalog Manager offline

    Try to delete the files specific user to PROD webcat (just at the bottom of the housing to the top of their content)

    Update the GUID

    then try to connect with the user

  • Try to set up im to store the LDAP user accessories

    I am running the script im/sbin/configure. I'm trying to configure im to store accessories user in ldap. Can someone tell me what bind dn, I would say. It will be all that is the default value. I don't know how to find it.

    Dn default binding is normally 'cn = Directory Manager'.

  • How do you set up ADR in a Weblogic Cluster? On the second server, get "this facility has not yet been configured '...

    We currently have ADR installed 2.0.9 on WLS 10.3.6 running on Windows 2008R2 behind a F5 load balancer. When load balancing sends connections to the server, we have configured everything first, everything works fine. When load balancing sends connections to the server to scale, we get the ADR page with "this facility has not yet been configured. The defaults.xml and related directories were created automatically on the second server. We tried to change the debug.debugger and debug.printDebugToScreen entries in the second server defaults.xml, but nothing happened. What do we lack? How set us the second server?

    The problem has been resolved. After looking at the directories and defaults.xml WLS created on the server to scale out, we thought that the configuration files were not created/copied from the original server. We ran the configuration of 'java-jar ords.war setup' on the second server, restarted the application of WLS and everything started working as expected.

  • my password does not work on windows vista. I get the message user profile service has no logon

    My password does not work. I get the message user profile service has no logon. Help please.

    Hello

    You can try the following.

    Shut down the laptop.  Tap away at f8 that you start the laptop to enter the Windows Recovery Console.  Use the arrow keys to select Safe mode and press ENTER.  If windows will load in this mode, on the Start Menu, click principally made programs, click Accessories, click System Tools and run the system restore.  Choose a restore point at least 24 hours prior to the issue of logon and then proceed to the restoration.  When you are finished, Windows will restart as normal in order to check if you can now connect correctly.

    Another option if the above does not help is as follows.

    Shut down the laptop.  Tap away at f8 that you start the laptop to enter the Windows Recovery Console.  Use the arrow keys to select "Start using last good known Configuration" and press ENTER.

    Kind regards

    DP - K

  • Configure vcenter to talk to the LDAP server

    Hello

    I recently installed the vcenter server and trying to understand it better.

    I have a Windows 2003 Active Directory installed in the same network.

    Is there a way where I can configure this announcement on the vcenter server so that users on the Server LDAP (Active Directory) can connect to the vcenter server.

    So, basically, I'm looking to see if the LDAP users can authenticate on the vCenter Server?

    Any help appreciated...

    Thank you.

    You check the authorization of default vCenter, you will see that there is only (local Administrators group).

    When you join the vCenter Server to a domain AD you can see also the domain user, and usually the Domain Admins group is added to the local Administrators group.

    André

  • ePrint, claimed printer need unclaiming but the previous user is unknown

    Hello

    I hope someone is able to provide some advice/help on how to make a printer, already claimed, not claimed for eprinting? The previous user has left the company, and I have the printer now...

    Thanks in advance for your help

    Hi, if you remove the front panel display web services printer it will make printers inactive email address and you can then re-enable web services to generate a new certificate claim code (email address). Let me know the model of the printer if you have problems with this.

    Best

Maybe you are looking for

  • AUDIT OF MAC

    Is anyone know how can I test my Mac? Is there a software that makes a control software such as checking the HDD for any bad sector, etc...?

  • Miss me the «download Popup', 'Home' and the «Address of Web site window» buttons

    The functions of button for these three elements (download Popup, down arrow, home icon located on the right side of the screen and the site address window where you can type the address of the home page or to the URL / IP address) just disappeared.

  • Vista installation goes into sleep mode

    HelloI tried a full restore using the recovery discs. Everything's fine until it gets to install Vista - then he goes to sleep. I tried several times and it stops at different stages - steps 2, 3 or 4 usually. Any help gratefully accepted.

  • Is there a "new icon" on Atrix 2? in the Notification bar?

    Something very interesting happened tonight, I had to file a FedEx package, as I walked to my car, I noticed that next to the battery icon was a grey box with a Red Cross in it... almost like the Swiss Army Knife... Something new going on? I called A

  • video games freeze after 5 min.

    I'm looking for advice on a video problem. Ive had the computer nearly a year everything was fine until the whole system locked wow play someday. Ctrl-alt-del was nothing for a difficult start. never meeting that happened no matter what I play about