Skip to main content
Hitachi Vantara Knowledge

Active directory page alerts

Active Directory page alerts are listed alphabetically by their hover text.

  • Active Directory enabled for default namespace only

    GUID-BC6219B3-A1FD-4C25-98BF-C6FE652EFAC8-low.png

    Either:

    • AD authentication is enabled only for the default namespace and is not currently supported for HCP namespaces. This can happen after an upgrade, where the CIFS protocol was enabled for the default namespace with AD authentication before the upgrade occurred.

      To enable support for AD for HCP namespaces, enable HCP support for AD on the Active Directory page in the HCP System Management Console.

    • In the username mapping file used by the CIFS protocol for the default namespace, one or more usernames map to the same UID. Only one username can map to any given UID.
  • Active Directory secure connection issue

    GUID-7681F287-776B-42F1-B1BF-C6625588D31A-low.png

    HCP could not communicate with AD due to a problem with the AD SSL server certificate uploaded to HCP.

    Make sure you have the correct certificate, then upload the certificate again on the Active Directory page in the HCP System Management Console.

    If the problem persists, contact your authorized HCP service provider.

  • Cannot access Key Distribution Center

    GUID-BCFCED51-80C9-49D0-8370-02256284E3C9-low.png

    HCP cannot access the Key Distribution Center in the AD domain specified in the HCP AD configuration.

    Check that both the AD domain controller and the network connection between HCP and that AD domain controller are healthy.

    If they both appear to be working properly, contact your authorized HCP service provider.

  • Cannot access LDAP server

    GUID-1F2B04D6-1997-4390-A1DC-93297C970663-low.png

    HCP cannot access the LDAP server for the AD domain specified in the HCP AD configuration.

    Check that both the LDAP server and the network connection between HCP and that server are healthy.

    If they both appear to be working properly, contact your authorized HCP service provider.

  • Could not establish connection with Active Directory - add certificate again

    GUID-44BAE311-F24D-418D-A3BE-935E66F310BF-low.png

    HCP could not communicate with AD due to a problem with the AD SSL server certificate uploaded to HCP.

    Make sure you have the correct certificate, then upload the certificate again on the Active Directory page in the HCP System Management Console.

    If the problem persists, contact your authorized HCP service provider.

  • DNS correctly configured

    GUID-48F3270B-121D-4890-84FB-87D734814F08-low.png

    HCP is configured to use DNS.

  • DNS is not enabled. Active Directory requires DNS be enabled.

    GUID-44D709BF-195D-4A31-8466-9C05BA4515AF-low.png

    HCP is not configured to use DNS. For HCP to work with AD, HCP must be configured as a subdomain in your DNS.

  • HCP computer account missing

    GUID-AC7DDE49-ADD9-40EC-B20C-244C674008C2-low.png

    The HCP computer account is missing from the AD domain.

    Reconfigure HCP support for AD on the Active Directory page in the HCP System Management Console.

  • IP lookup failed for Active Directory server server-name

    GUID-FA29AFC2-7A77-4620-81E7-5E7C0EDCC2F6-low.png

    HCP was unable to do an IP lookup of an IP address used to communicate with the AD domain controller for either the Key Distribution Center or the LDAP server.

    Make sure the DNS configuration includes all A and AAAA records needed to resolve the IP addresses that HCP uses to communicate with the indicated domain controller.

  • No external time server configured. Active Directory recommends an external time server.

    GUID-52D0EF5F-76A7-4B14-822C-68E245A8C347-low.png

    HCP is configured to use itself as a time server. For HCP to work with AD, HCP time must be within five minutes of AD time.

    The recommended configuration is HCP HCP and AD to use the same external time server.

  • No Key Distribution Center found

    GUID-86422F3B-FBBF-4335-92A3-C7E59627B651-low.png

    HCP cannot find a Key Distribution Center in the AD domain specified in the HCP AD configuration.

    Make sure AD is configured correctly in your DNS.

    If the problem persists, contact your authorized HCP service provider.

  • No LDAP server found

    GUID-A8CD2A66-AE3F-4F8B-AA18-3D3500F762E9-low.png

    HCP cannot find an LDAP server in the AD domain specified in the HCP AD configuration.

    Make sure AD is configured correctly in your DNS.

    If the problem persists, contact your authorized HCP service provider.

  • Nodes correctly configured

    GUID-484403CE-A9E3-42A6-935B-A9C85615CF77-low.png

    All of these conditions are true:

    • The computer accounts for all nodes are present in the AD domain. These accounts are created automatically when you configure HCP to support AD.
    • All nodes have valid credentials for the HCP computer account used to query AD for groups.
    • All nodes can connect to AD.
  • Nodes misconfigured

    GUID-34EEC511-614F-4B72-92F4-83CA42B6B276-low.png

    At least one of these conditions is true:

    • The computer account for one or more nodes is missing from the AD domain. These accounts are created automatically when you configure HCP to support AD.
    • The credentials for the HCP computer account used to query AD for groups and other information are invalid on one or more nodes.
    • One or more nodes cannot connect to AD. To resolve these issues, reconfigure support for AD on the Active Directory page in the HCP System Management Console.

      If the problem persists, contact your authorized HCP service provider.

  • Reverse IP lookup failed for Active Directory server server-name. Record for server-ip-address not found.

    GUID-43E954A8-FD5A-4F14-81ED-C074E0B279CB-low.png

    Given the indicated IP address, HCP was unable to do a reverse IP lookup of the hostname of the AD domain controller.

    Make sure your DNS includes a PTR record for that IP address that specifies the correct domain controller hostname.

  • Reverse IP lookup mismatch for Active Directory server server-name. Record for server-ip-address points to server other-server-name.

    GUID-B43017FA-F840-44C3-800B-2859CB256C26-low.png

    HCP was able to do a reverse IP lookup of an IP address used to communicate with the AD domain controller, but the PTR record identifies a different domain controller.

    Make sure your DNS configuration includes a PTR record for the indicated IP address that specifies the correct domain controller hostname.

  • Service principal names are missing

    GUID-C2711F03-3598-4D87-AF35-DE0A050A2EF7-low.png

    The SPN attribute for one or more tenants or namespaces is missing from the AD domain. If the HCP system is involved in replication, these tenants and namespaces could be defined in any system in the replication topology.

    If the missing SPN attribute is for a namespace, have the administrator for the tenant that owns the namespace disable and reenable AD single sign-on for the namespace. If the missing SPN attribute is for a tenant, disable and reenable AD authentication for the tenant. If the issue is still not resolved, reconfigure HCP support for AD on the Active Directory page in the HCP System Management Console.

    If the problem persists, contact your authorized HCP service provider.

  • System correctly configured

    GUID-7158337B-0EDF-47D8-B11B-E3930C363EF9-low.png

    All of the following are true:

    • No HCP components are missing from the AD domain.
    • The HCP configuration of AD support is complete (that is, it’s not configured only for the CIFS protocol for the default namespace).
    • The username mapping file used by the CIFS protocol does not contain any invalid mappings.
  • Time server correctly configured

    GUID-511663CD-4068-4FBC-8B2E-7CA072D0F529-low.png

    HCP is configured to use an external time server.

 

  • Was this article helpful?