Logon error: Access denied when enabling LDAP TLS=Y


Article ID: 207694


Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

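Logon fails because the Automation Engine is unable to resolve the AD FQDN name. The log shows the errors below; the last two report that the TLS hostname check found no name matching TESTDC.it in the server certificate.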

U00045014 Exception 'javax.naming.CommunicationException: "isace.it:636"' at 'com.sun.jndi.ldap.Connection.<init>()'.
U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "java.security.cert.CertificateException: No name matching TESTDC.it found"' at 'sun.security.ssl.Alert.createSSLException()'.
U00045015 The previous error was caused by 'java.security.cert.CertificateException: "No name matching TESTDC.it found"' at 'sun.security.util.HostnameChecker.matchDNS()'

 

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Resolution

If you have multiple AD servers, add all of them to the AE by FQDN, as a node list separated by semicolons, as shown below.

SERVER                  TESTDC.COM:636;TESTDC01.it:636;TESTDC02.it:636;TESTDC.it:636
TLS                     Y
USE_DISTINGUISHED_NAME  N
USR_EMAIL1              mail
USR_FIRSTNAME           givenName
USR_LASTNAME            sn
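
An added example, not part of the original article or of the product's code: a Python check that splits a SERVER value like the one above into nodes and tests whether each configured name is covered by the DNS names in that node's certificate, which is the condition behind "No name matching ... found". The function names are hypothetical, the certificate names in SAMPLE_SANS are constructed, and the matcher is a simplified rule rather than the JDK's HostnameChecker.

```python
import socket
import ssl

def parse_server_list(value):
    """Split a SERVER value 'host:port;host:port' into (host, port) tuples."""
    nodes = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, _, port = entry.rpartition(":")
        nodes.append((host, int(port)))
    return nodes

def dns_name_matches(hostname, pattern):
    """Case-insensitive compare; '*' is accepted only as the entire leftmost label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if "*" not in pat:
        return host == pat
    h, p = host.split("."), pat.split(".")
    return p[0] == "*" and len(h) == len(p) and h[1:] == p[1:]

def fetch_dns_sans(host, port, cafile=None, timeout=5):
    """Live helper: DNS subjectAltName entries of the certificate served at host:port."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified; names are compared by audit()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            sans = tls.getpeercert().get("subjectAltName", ())
    return [value for kind, value in sans if kind == "DNS"]

def audit(server_value, sans_by_host):
    """Map each configured host to True if its certificate names cover it."""
    return {
        host: any(dns_name_matches(host, san) for san in sans_by_host.get(host, []))
        for host, _port in parse_server_list(server_value)
    }

# SERVER value as shown in the article; certificate names below are constructed.
SAMPLE_SERVER = "TESTDC.COM:636;TESTDC01.it:636;TESTDC02.it:636;TESTDC.it:636"
SAMPLE_SANS = {
    "TESTDC.COM": ["testdc.com"],
    "TESTDC01.it": ["testdc01.it"],
    "TESTDC02.it": ["testdc02.it"],
    "TESTDC.it": ["dc-internal.example"],  # constructed mismatch
}

if __name__ == "__main__":
    for host, ok in audit(SAMPLE_SERVER, SAMPLE_SANS).items():
        print(f"{host}: {'ok' if ok else 'No name matching ' + host + ' found'}")
```

For a live check, build `sans_by_host` by calling `fetch_dns_sans(host, port, cafile=...)` for each parsed node, using the CA bundle that issued the domain controllers' certificates.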