Hello,
I seem to have an issue using SSL with AREA and ARDBC. I went through all of
the steps with the certutil to create the appropriate certificate database.
So, when I look in arplugin.log, it shows the settings that it is still trying
to connect to our LDAP server with a simple bind over port 389. I have a
ticket with BMC and have followed all of their troubleshooting guides but still
don't know where to go.
The LDAP servers are actually Microsoft Active Directory Domain Controllers and
are actually DoD Domain controllers - so they are locked down - security-wise.
Does anyone else have any lessons learned?
Below are some error logs...
-dave
________________________________
Dave Marshalonis
Associate
Booz | Allen | Hamilton
Client Site: 703-995-6927
Cell: 703-577-2259
3120 */+GLS ARDBCGetListSchemas
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3120 */<REMEDY.ARDBC.SERVER.ADMINISTRATION>
<FINEST> ARDBCGetListSchemas Starts
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3120 */<REMEDY.ARDBC.SERVER.ADMINISTRATION>
<FINEST> ARDBCGetListSchemas ends with returning OK.
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3120 */<ARSYS.ARDBC.LDAP> <FINEST> Entering
ARDBCGetListSchemas
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3120 */<ARSYS.ARDBC.LDAP> <FINEST> Entering
UpdateConfiguration(0)
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <FINEST>
LoadSysConfigFile
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG>
Configuration File C:\Program Files\BMC
Software\ARSystem\conf\ar.cfg
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Host
Name <ldapserver>
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Port
Number 636
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Using
SSL 1
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> User DN
CN=Remedy_Service,OU=Service Accounts,OU=ATAC
Administrators,DC=atac,DC=com
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG>
Certificate DB C:\nss
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Page
Size 10000
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Time
Format 0
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Plugin
IO Timeout 600
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Network
Connect Timeout 595
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3130 */<ARSYS.ARDBC.LDAP> <CONFIG> Base DN
<NULL>
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <CONFIG> Cache
Enabled False
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <CONFIG>
Chase-Referrals: Enabled
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <FINEST> Leaving
UpdateConfiguration
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <FINER>
Connecting via SSL(host=<ldapserver>, port=636, certPath=C:\nss)
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <FINER> timeout
previously: -1
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <FINER> timeout
used: 595000
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <FINER>
ldap_set_option(Chase Referrals): ON
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <FINEST>
ldap_simple_bind("CN=Remedy_Service,OU=Service Accounts,OU=ATAC
Administrators,DC=atac,DC=com", hidden)
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3250 */<ARSYS.ARDBC.LDAP> <SEVERE> Can't
contact LDAP server (LDAPERR 81)
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3250 */<ARSYS.ARDBC.LDAP> <FINEST> Leaving
ARDBCGetListSchemas
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3260 */-GLS FAILED during
getlistforms
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3570 */+GMF ARDBCGetMultipleFields
-- vendor ARSYS.ARDBC.LDAP
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINEST> Entering
ARDBCGetMultipleFields
(ldap://<ldapserver>.atac.com/O=atac.com??sub?(objectclass=user))
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINER>
ldap_init("<ldapserver>.atac.com", 389)
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINER> timeout
previously: -1
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINER> timeout
used: 595000
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINER>
ldap_set_option(Chase Referrals): ON
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINEST>
ldap_simple_bind("CN=Remedy_Service,OU=Service Accounts,OU=ATAC
Administrators,DC=atac,DC=com", hidden)
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3620 */<ARSYS.ARDBC.LDAP> <SEVERE> Strong
authentication required (LDAPERR 8)00002028: LdapErr: DSID-0C0901FC, comment:
The server requires binds to turn on integrity checking if SSL\TLS are not
already active on the connection, data 0, v1772
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3630 */<ARSYS.ARDBC.LDAP> <FINEST> Leaving
ARDBCGetMultipleFields
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3630 */-GMF FAILED during get multiple
fields.
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */+VL AREAVerifyLoginCallback
-- user marshalonisd
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> Username:
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> marshalonisd
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> Network Address:
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> <IP>
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> Auth String:
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO>
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> Login request not
coming from the BOXI-IP, checking MID-TIER-IP's...
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> User did not
provide a valid Password String.
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<AREA.SSO> <INFO> User did not pass
AREA SSO authentication. Login Failed
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<ARSYS.AREA.LDAP> <FINEST>
AREAVerifyLoginCallback
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5580 */<ARSYS.AREA.LDAP> <FINER> Connecting
via SSL(host=<ldapserver>, port=636, certPath=c:\nss with Server SSL
Authentication enabled)
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5590 */<ARSYS.AREA.LDAP> <FINER> connect
timeout previously: -1
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5590 */<ARSYS.AREA.LDAP> <FINER> connect
timeout used: 35000
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5590 */<ARSYS.AREA.LDAP> <FINER>
ldap_simple_bind("ATAC\svc_remedy", hidden)
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5850 */<ARSYS.AREA.LDAP> <SEVERE> Bind:
Can't contact LDAP server (LDAPERR Code 81)
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5850 */<ARSYS.AREA.LDAP> <SEVERE> Bind:
ldap_simple_bind failed [ATAC\svc_remedy]
<PLGN> <TID: 005172> <RPC ID: 0000000008> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.5850 */-VL
FAIL
<PLGN> <TID: 003252> <RPC ID: 0000000010> <Queue: AREA > <Client-RPC:
390695> /* Tue Aug 09 2011 13:37:02.6170 */+VL AREAVerifyLoginCallback
-- user marshalonisd
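
Added example, not part of the original post and not BMC code: a Python script that regroups wrapped arplugin.log records by RPC ID and reports, for each RPC, whether the plugin connected via SSL or called a plain `ldap_init`, and which LDAP errors followed. The sample records are constructed to match the shape of the log above; the host name and bind DN in them are placeholders.

```python
import re

# Constructed sample shaped like the post's wrapped arplugin.log (placeholder host/DN).
SAMPLE = r"""
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3140 */<ARSYS.ARDBC.LDAP> <FINER> Connecting
via SSL(host=ldap.example.test, port=636, certPath=C:\nss)
<PLGN> <TID: 001868> <RPC ID: 0000000005> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:24.3250 */<ARSYS.ARDBC.LDAP> <SEVERE> Can't
contact LDAP server (LDAPERR 81)
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINER> ldap_init("ldap.example.test", 389)
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3580 */<ARSYS.ARDBC.LDAP> <FINEST> ldap_simple_bind("CN=svc,DC=example,DC=test", hidden)
<PLGN> <TID: 001868> <RPC ID: 0000000006> <Queue: ARDBC > <Client-RPC:
390695> /* Tue Aug 09 2011 13:36:38.3620 */<ARSYS.ARDBC.LDAP> <SEVERE> Strong
authentication required (LDAPERR 8)00002028: LdapErr: DSID-0C0901FC
"""
RPC = re.compile(r"<RPC ID: (\d+)>")
CONN = re.compile(r'(via SSL\(host=\S+?, port=|ldap_init\("[^"]+", )(\d+)')
ERR = re.compile(r"\(LDAPERR(?: Code)? (\d+)\)")

def summarize(log_text):
    """Group records by RPC ID: transport, port, simple bind seen, LDAP errors."""
    rpcs = {}
    # Records wrap across lines, so flatten whitespace and split on the <PLGN> tag.
    for rec in " ".join(log_text.split()).split("<PLGN>")[1:]:
        rpc = RPC.search(rec)
        if not rpc:
            continue
        s = rpcs.setdefault(rpc.group(1), {"transport": None, "port": None,
                                           "simple_bind": False, "errors": []})
        conn = CONN.search(rec)
        if conn:
            s["transport"] = "ssl" if conn.group(1).startswith("via SSL") else "plain"
            s["port"] = int(conn.group(2))
        s["simple_bind"] |= "ldap_simple_bind(" in rec
        s["errors"] += [int(e) for e in ERR.findall(rec)]
    return rpcs

def findings(rpcs):
    """Flag cleartext simple binds and SSL connections that ended in LDAPERR 81."""
    out = []
    for rpc, s in rpcs.items():
        if s["transport"] == "plain" and s["simple_bind"]:
            out.append((rpc, "simple bind sent without SSL/TLS"))
        if s["transport"] == "ssl" and 81 in s["errors"]:
            out.append((rpc, "SSL connection failed (LDAPERR 81)"))
    return out
```

Run over the log in this post, it separates the RPCs that connected via SSL on port 636 and got LDAPERR 81 from the one that was entered with an `ldap://` URL, called `ldap_init` on port 389 and got LDAPERR 8.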