
SVM cannot join a Windows 2012 domain using LDAPS (Unable to start TLS)

Category:
data-ontap-8
Specialty:
cifs

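Status information

Applies to

Data ONTAP 8.x CIFS

Issue

  • After the user's domain was upgraded to Windows 2012 and a new certificate was installed, clustered Data ONTAP SVMs cannot join the AD domain using LDAPS.
  • Creating a CIFS server on the SVM produces an error message similar to the following: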

   [ 107] Unable to start TLS: Connect error
   [ 107] Additional info: TLS: unable to get CN from peer certificate
   [ 109] FAILURE: Failed to find a domain controller Error: command failed: Failed to create the Active Directory machine account "XXXXXX".
   Reason: LDAP Error: Cannot establish a connection to the server.

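  • A packet trace shows that the certificate negotiated from the server (Windows 2012) has an empty Subject field, and that the CN information is stored in the Subject Alternative Name (SAN) field instead.
        Use the sample trace below to help determine whether you are experiencing this issue.
        Select the Server Hello packet and look for the following clues:
  1. The Certificate () field: note that there is nothing between the parentheses. This is because nothing can be found in the Subject field.
  2. The Subject field lists 0 items
  3. The name of the LDAP server appears under the extensions field, specifically under the SubjectAltName field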

[Image: Certificate.png]
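The three clues above can also be checked on the certificate itself rather than by reading the trace. The following is an added example, not NetApp code: a minimal DER walker that counts the Subject RDNs, collects any CN, and lists the SAN dNSName entries. The sample certificate, the name `dc1.example.test` and all function names are constructed for illustration.

```python
OID_CN, OID_SAN = bytes.fromhex("550403"), bytes.fromhex("551d11")

def tlv(tag, body=b""):  # DER encoder, used only to build the sample
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])  # sample stays under 256 bytes
    return bytes([tag]) + head + body

def children(buf):  # split DER content into (tag, body) pairs; low tag numbers only
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: the next (n & 0x7F) bytes hold the size
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def inspect_cert(der):
    """Report subject RDN count, subject CNs and SAN dNSName entries."""
    tbs = children(children(children(der)[0][1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip optional [0] version
    rdns = children(tbs[4][1])  # subject follows serial, sigAlg, issuer, validity
    cns = [v.decode() for _, rdn in rdns for _, atv in children(rdn)
           for (_, oid), (_, v) in [children(atv)[:2]] if oid == OID_CN]
    exts = [e for t, b in tbs[6:] if t == 0xA3  # [3] extensions, if present
            for _, e in children(children(b)[0][1])]
    sans = []
    for parts in map(children, exts):  # OID, optional critical flag, extnValue
        if parts[0][1] == OID_SAN:
            names = children(children(parts[-1][1])[0][1])
            sans += [v.decode() for t, v in names if t == 0x82]  # dNSName
    return {"subject_rdns": len(rdns), "cn": cns, "san_dns": sans,
            "empty_subject_san_only": not rdns and bool(sans)}

def cn_rdn(cn):  # one RDN holding a commonName (sample helper)
    return tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, cn)))

def sample_cert(subject=b""):  # constructed, unsigned, certificate-shaped DER
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    san = tlv(0x30, tlv(0x06, OID_SAN) + tlv(0x01, b"\xff")
              + tlv(0x04, tlv(0x30, tlv(0x82, b"dc1.example.test"))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30, cn_rdn(b"Example Test CA"))  # issuer
              + tlv(0x30, tlv(0x17, b"240101000000Z") * 2) + tlv(0x30, subject)
              + tlv(0x30, alg + tlv(0x03, b"\x00")) + tlv(0xA3, tlv(0x30, san)))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print(inspect_cert(sample_cert()))  # empty Subject, name only in SAN
```

To check a real domain controller certificate, pass its DER bytes to `inspect_cert`, for example after converting a PEM export with `ssl.PEM_cert_to_DER_cert()`.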

 

 
