PowerProtect Data Manager: LDAP Hostname Mismatch Error during 19.19 Upgrade Precheck

Summary: PowerProtect Data Manager update to 19.19 precheck fails with LDAP hostname miss match error.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

PowerProtect Data Manager update to 19.19 precheck fails with LDAP hostname miss match error.

External authentication is configured to use Active Directory (AD).

DNS nslookup of the AD domain controller(DC) returns the hostname in all caps.

Cause

The name of the server in the certificate is listed in lower case, but the name of the server in DNS is uppercase causing a mismatch.

Resolution

Re-configure AD authentication with the DC hostname in all caps and re-verify the certificate from the PowerProtect Data Manager UI.
In the PowerProtect Data Manager UI, go to Administration, Access Control and choose the Directory Settings tap. Select the affected DC settings and modify the hostname as below. Click Verify to update the certificate.
 Hostname change in PPDM UI
If the error persists, the mismatched certificate may have to be removed using the 'ppcp' tool. 
Use the 'ppcp' command to list the certificates as below. 
admin@ppdm:~/bin> ./ppcp certs list
===========================================================
PPCP  :  0.46
PPDM  :  19.17.0-18
Date  :  07 Apr 2025 10:54 EDT
===========================================================
                   id                  |        host        | port |               fingerprint                |  state   | type
---------------------------------------+--------------------+------+------------------------------------------+----------+-------
  dW5pdHktdnNhLmFtZXIubGFuOjQ0Mzpob3N0 | hostname1.domain.com |  443 | A913D8598D5952D6E24498A02E6F649CEB27AB6C | ACCEPTED | ROOT
  aXNpbG9uOTQuYW1lci5sYW46ODA4MDpob3N0 | hostname2.domain.com | 8080 | FFD0689DCFF36DA6493925CF1EB8A133C02FD872 | ACCEPTED | ROOT
  cm9vdGNh                             | rootca               |      | AECB37080A9D9D70F4CD36951883781C1E3E32A3 | ACCEPTED | ROOT
  ZGMuYW1lci5sYW46NjM2Omhvc3Q=         | dc.domain.com        |  636 | 027E866901EEBE9F88B5266D6D3F593D0169D364 | ACCEPTED | HOST
  ZGR2ZTAyLmFtZXIubGFuOjMwMDk6aG9zdA== | hostname4.domain.com | 3009 | DA3F9888759B86F45DCC3D51ADDF51CA3C618634 | ACCEPTED | HOST
  ZGR2ZTAxLmFtZXIubGFuOjMwMDk6aG9zdA== | hostname5.domain.com | 3009 | 5EE6C8B2768DC19615E3517B86355D251F91A53B | ACCEPTED | HOST
  dmNzYS5hbWVyLmxhbjo0NDM6aG9zdA==     | hostname6.domain.com |  443 | DA47C69E6E81E9EC6819ABEB8F76CC882813ECD4 | ACCEPTED | HOST

Select the id for the affected DC and use the command below to remove the certificate. Be sure to note the port used (636 in the above example), in case it is needed later. 
  
admin@ppdm:~/bin> ./ppcp certs delete --certid ZGMuYW1lci5sYW46NjM2Omhvc3Q=

Once the certificate is removed, the steps above can be repeated to re-create the certificate in the PowerProtect Data Manager UI. Alternately, the following 'ppcp' command can be used. (The port should be set to the port noted in the command above.) 
admin@ppdm:~/bin> ./ppcp certs add --host HOSTNAME.domain.com --port 636

Article Properties
Article Number: 000305011
Article Type: Solution
Last Modified: 09 Apr 2025
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.