Verify LDAP Configuration on External Domain
The secure Lightweight Directory Access Protocol (LDAP) should only be enabled when the external domain client has been configured to use the secure LDAP (with the proper SSL certificate). If this protocol is enabled from the Add New Domain Controller dialog box, but not configured from the external domain, then the feature is not enabled. To verify whether the external domain client has been configured for LDAP with the proper SSL certificate, complete the following:
-
Launch the Microsoft LDP utility, which is an LDAP client query utility. For more information about this utility, see https://technet.microsoft.com/en-us/library/cc771022.aspx.
-
Click the Connections menu option, and select Connect.
-
From the Connect dialog box, enter the following information:
-
Server: Enter the name of the external domain server, e.g., computer.domain.com.
-
Port: Enter 636 as the port number for the external domain server.
-
SSL: Mark this checkbox to check for the proper certificate.
-
-
Click OK. If properly configured for LDAP, the external domain server details will be displayed in the LDP windowpane. If not configured for use with LDAP, an error message will appear indicating that a connection cannot be made using this feature.
Failed to Log On to the CommCell Console
Symptom
Login to the CommCell Console failed with the following connection error:
Connection to CommServe is lost. Do you want to reconnect?
Cause
The Entrust Certificate is missing on the computer which has the CommServe software installed.
Resolution 1
You have to manually install the Entrust Certificate using the following steps:
-
Log on to the computer where the CommServe has been installed.
-
Go to Start > Program Files > Commvault > Commvault > Base.
-
Right-click CVSession.dll and then click Properties.
-
In the CVSession.dll Properties dialog box, click the Digital Signatures tab, and under the Signature list section, select Commvault and click Details.
-
In the Digital Signature Details dialog box, click View Certificate.
-
In the Certificate dialog box, click the Certification Path tab, select Entrust (2048) and click View Certificate.
-
In the second Certificate dialog box, click Install Certificate and follow the installation wizard by accepting default values.
After the installation, click OK to close the second Certificate dialog box.
-
In the first Certificate dialog box, select Entrust Code Signing Certification Authority-L1D and click View Certificate. Repeat step 7 to install the certificate.
Resolution 2
Install a CA certificate for a secure LDAP connection.
-
Fetch CA certificate from the active directory domain.
-
Copy the CA certificate to the CommServe computer.
-
Double click the certificate.
The Certificate dialog box appears.
-
Click Install Certificate.
The Certificate Import Wizard wizard appears.
-
Select Local Machine, and then click Next.
-
Select Place all certificates in the following store.
-
Select the trusted root certificate folder:
-
Click Browse.
The Select Certificate Store dialog box appears.
-
Select Trusted Root Certification Authorities, and then click OK.
-
-
Click Next, and then click Finish.
A message appears saying the certificate is imported successfully.