March 13th, 2023 03:00
Trying to get SSO working iDrac9
I am trying to get SSO working but it keeps failing on Getting TGT from Server
| Test | Result |
| --- | --- |
| Keytab file exists | Passed |
| Keytab file is valid | Passed |
| Getting TGT from server | Failed |
| Ping Directory Server | Not Run |
| Directory Server DNS Name | Passed |
| LDAP connection to the Directory Server | Passed |
| DNS Directory Lookup | Not Applicable |
| DNS Global Catalog Lookup | Passed |
| Connect to Directory Server 1 (Unencrypted) | Passed |
| Connect to Directory Server 2 (Unencrypted) | Passed |
| Connect to Directory Server 3 (Unencrypted) | Not Configured |
| Connect to Directory Server 4 (Unencrypted) | Not Applicable |
| Connect to Directory Server 1 (SSL) | Passed |
| Connect to Directory Server 2 (SSL) | Passed |
| Connect to Directory Server 3 (SSL) | Not Configured |
| Connect to Directory Server 4 (SSL) | Not Applicable |
| Connect to Global Catalog 1 (Unencrypted) | Passed |
| Connect to Global Catalog 2 (Unencrypted) | Passed |
| Connect to Global Catalog 3 (Unencrypted) | Not Run |
| Connect to Global Catalog 4 (Unencrypted) | Not Applicable |
| Connect to Global Catalog 1 (SSL) | Passed |
| Connect to Global Catalog 2 (SSL) | Passed |
| Connect to Global Catalog 3 (SSL) | Not Run |
| Connect to Global Catalog 4 (SSL) | Not Applicable |
| User DN existence | Not Applicable |
| Certificate Validation | Passed |
| User Authentication | Passed |
| User Authorization | Passed |
| iDRAC Device Object Exists | Not Applicable |
```
09:47:18 Initiating Directory Services Settings Diagnostics:
09:47:18 debug before adjust gss_time_offset (get): 0
09:47:18 in adjust_time_offset
09:47:18 aim_zone_offset 0
09:47:18 aim_daylight_offset 0
09:47:18 gss_time_offset 0
09:47:18 debug after adjust gss_time_offset (get): 0
09:47:18 principal name from keytab: HTTP/idrac-xx-xxxx-xx@xxxxxxx.co.uk
09:47:18 getting TGT failed: check date/time and time zone offset.
09:47:18 ret: 96c73a18
09:47:18 DNS SRV look up with _gc._tcp.xxxxxx.co.uk
09:47:18 the following servers are returned: xx-xxxx-xx.xxxxxx.co.uk xx-xxxx-xx.xxxxxx.co.uk
09:47:18 trying DC server xx-xxxx-xx.xxxxxxx.co.uk:389
09:47:18 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:18 connect to xxx.xx.x.x:389 passed
09:47:18 trying DC server xx-xxxx-xx.xxxxxxx.co.uk:636
09:47:18 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:18 connect to xxx.xx.x.x:636 passed
09:47:18 trying DC server xx-xxxx-xx.xxxxxxx.co.uk:389
09:47:18 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:18 connect to xxx.xx.x.x:389 passed
09:47:18 trying DC server xx-xxxx-xx.xxxxxxx.co.uk:636
09:47:18 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:18 connect to xxx.xx.x.x:636 passed
09:47:18 trying GC server xx-xxxx-xx.xxxxxxx.co.uk:3268
09:47:19 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:19 connect to xxx.xx.x.x:3268 passed
09:47:19 trying GC server xx-xxxx-xx.xxxxxxx.co.uk:3269
09:47:19 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:19 connect to xxx.xx.x.x:3269 passed
09:47:19 trying GC server xx-xxxx-xx.xxxxxxx.co.uk:3268
09:47:19 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:19 connect to xxx.xx.x.x:3268 passed
09:47:19 trying GC server xx-xxxx-xx.xxxxxxx.co.uk:3269
09:47:19 Server Address xx-xxxx-xx.xxxxxxx.co.uk resolved to xxx.xx.x.x
09:47:19 connect to xxx.xx.x.x:3269 passed
09:47:19 Connecting to ldaps://[xx-xxxx-xx.xxxxxxx.co.uk]:636...
09:47:19 Test user authenticated user=admin@xxxxxxxx.co.uk host=xx-xxxx-xx.xxxxxxx.co.uk
09:47:19 Connecting to ldaps://[xx-xxxx-xx.xxxxxxx.co.uk]:3269...
09:47:19 Test user authenticated user=admin@xxxxxxxxx.co.uk host=xx-xxxx-xx.xxxxxxx.co.uk
09:47:19 Test user admin@xxxxxxxxxx.co.uk authorized
09:47:19 Cumulative privileges gained: Login Config iDRAC Config User Clear Logs Server Control Virtual Console Virtual Media Test Alerts Diagnostic Command
```
I have run `racadm getractime` and the time is correct. The server is set to GMT, and the idrac is configured to GMT and is pointing to one of the servers for NTP, and the firewall is open on that server. Just to be sure, I have set the BIOS time to within a couple of seconds as well. Am I missing something else?
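
A triage helper for the diagnostics output in the post above, as an added example that is not part of the original thread or of Dell's tooling: it splits the run-together log into entries, pulls out the keytab principal and the failed steps, and lists the ports the test actually connected to. The function names are hypothetical, the sample is an excerpt of the posted log, and port 88 is the standard Kerberos KDC port.

```python
import re

# Constructed sample: excerpt of the diagnostics output posted above, kept
# run together on one line the way it appears in the post.
SAMPLE = (
    "09:47:18 principal name from keytab: HTTP/idrac-xx-xxxx-xx@xxxxxxx.co.uk "
    "09:47:18 getting TGT failed: check date/time and time zone offset. "
    "09:47:18 ret: 96c73a18 "
    "09:47:18 connect to xxx.xx.x.x:389 passed "
    "09:47:18 connect to xxx.xx.x.x:636 passed "
    "09:47:19 connect to xxx.xx.x.x:3268 passed "
    "09:47:19 connect to xxx.xx.x.x:3269 passed"
)

KDC_PORT = 88  # standard Kerberos port; TGT (AS-REQ) requests go here
# An entry is a HH:MM:SS stamp plus everything up to the next stamp or the end.
ENTRY = re.compile(r"(\d{2}:\d{2}:\d{2})\s(.*?)(?=\s\d{2}:\d{2}:\d{2}\s|\s*$)", re.S)


def split_entries(raw):
    """Split run-together output into (timestamp, message) pairs."""
    return [(ts, " ".join(msg.split())) for ts, msg in ENTRY.findall(raw)]


def summarize(raw):
    """Collect the keytab principal, failed steps and ports that connected."""
    out = {"principal": None, "realm": None, "failures": [], "ports_ok": set()}
    for ts, msg in split_entries(raw):
        principal = re.match(r"principal name from keytab: (\S+)", msg)
        port = re.match(r"connect to \S+:(\d+) passed", msg)
        if principal:
            out["principal"] = principal.group(1)
            out["realm"] = principal.group(1).rpartition("@")[2]
        elif port:
            out["ports_ok"].add(int(port.group(1)))
        elif "failed" in msg.lower():
            out["failures"].append((ts, msg))
    # The log records only LDAP/GC connects; note whether 88 was exercised.
    out["kdc_port_tested"] = KDC_PORT in out["ports_ok"]
    return out


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for ts, msg in report["failures"]:
        print(f"{ts} FAILED: {msg}")
    print("principal:", report["principal"])
    print("ports that connected:", sorted(report["ports_ok"]))
    print("port 88 connect test seen:", report["kdc_port_tested"])
```

In the posted output every recorded connect is to an LDAP or Global Catalog port, so the passing connection rows say nothing about whether the iDRAC can reach a KDC on port 88.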



DELL-Chris H
Moderator
March 13th, 2023 11:00
You may want to call in to the OpenManage/Sysman group to review the issue, as it may take directly working with the system to resolve.
DELL-Chris H
Moderator
March 13th, 2023 07:00
Tedwill011111,
I would start with verifying that you have met all the requirements and have followed the steps outlined here for configuring the iDrac9 for SSO.
Also, is the server up to date on BIOS and iDrac?
Let me know how it goes and what you see.
Tedwill011111
March 13th, 2023 08:00
Hi Chris,
Thanks for getting back to me. I used this article to set up the iDrac and followed it completely. There was only one thing that I was unsure about, and that was the Registering iDRAC as a computer in Active Directory root domain: I followed the article, but it says to click the Register iDRAC on DNS button that was not there, and I manually created the DNS record for the iDrac instead. I updated the iDrac and Bios to the latest versions before I started setting it up.
BIOS - 2.10.2
iDrac - 6.10.30
Thanks
Tedwill011111
March 14th, 2023 00:00
Will do, thanks.