HP ProLiant Gen9 - Issues Generating a Keytab Using Ktpass.exe; Testing SSL

To Next Page

To Previous Page

HP iLO errors 258

221 Goodbye (reset).

Connection closed by remote host.

ftp> quit

Issues generating a keytab using ktpass.exe

If you use ktpass.exe to generate a keytab, you have to specify a principal name using the -princ

argument.

Principal names must be entered as follows:

HTTP/ilo.somedomain.com@SOMEDOMAIN.COM

This is case-sensitive. The command must be entered as follows:

• The first part of the command is uppercase (HTTP)

• The middle part is lowercase (ilo.somedomain.com)

• The last part is uppercase (@SOMEDOMAIN.COM)

If you do not format the command exactly as shown, the command does not work.

Here is an example of the full ktpass.exe command:

ktpass +rndPass -ptype KRB5_NT_SRV_HST -mapuser myilo$@somedomain.net

-princ HTTP/myilo.somedomain.net@SOMEDOMAIN.NET -out myilo.keytab

Testing SSL

The following test checks for the correct security dialog prompt. A non-working server will proceed to a Page

cannot be displayed message. If this test fails, your domain controller is not accepting SSL connections,

and probably has not been issued a certificate.

1. Open a browser and navigate to <https://<domain controller>:636.

You can substitute <domain> in place of <domain controller> which accesses the DNS and

checks which domain controller is handling requests for the domain. Test multiple domain controllers to

verify all of them have been issued a certificate.

2. If SSL is operating correctly on the domain controller (a certificate is issued), you are prompted with a

security message asking if you want to proceed with accessing the site, or view the server certificate.

Clicking Yes does not display a webpage. This is normal. This process is automatic, but might require

rebooting. To avoid rebooting:

a. Open the MMC.

b. Add the certificates snap-in.

c. When prompted, select Computer Account for the type of certificates you want to view.

d. Click OK to return to the certificates snap in.

e. Select Personal>Certificates folder.

f. Right-click the folder and select Request New Certificate.

g. Verify Type is domain controller and click Next until a certificate is used.

You can also use Microsoft LDP tool to verify SSL connections. For more information on the LDP tool, go to the

Microsoft website at http://www.microsoft.com/support (http://www.microsoft.com/support).

Related product manuals