
Enforce unable to import users when using secure SSL 636 Error domaindnszones.local No subject alternative DNS


Article ID: 236975


Updated On:

Products

Data Loss Prevention Enterprise Suite

Issue/Introduction

Importing users into Enforce over secure SSL (port 636) fails with an error.

Error:

java.security.cert.CertificateException: No subject alternative DNS name matching DomainDnsZones.internal found.

Cause

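The likely cause is that the DNS entry in the load balancer points to a DNS instead of an AD server. The error means that the certificate presented on port 636 contains no subject alternative name (SAN) DNS entry matching DomainDnsZones.internal, the name Enforce connected to.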

Environment

DLP 15.x

Resolution

Bypass the load balancer and connect directly to a domain controller.

If the issue persists, follow this KB article:

User data import from AD Logins Data Source failing with SSL handshake exception:

https://knowledge.broadcom.com/external/article?articleId=226337

Ensure you are using the domain certificate in DLP.
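
To check in advance which connection name the domain controller certificate will accept, the following added example (not Broadcom or DLP code) parses the SAN text printed by `openssl x509 -noout -ext subjectAltName` and tests candidate hostnames against it. The sample certificate text, the `corp.internal` hostnames and the matching rule (a simplified version of the TLS hostname check) are assumptions made for illustration.

```python
import re

# Constructed sample: subjectAltName text as printed by
# `openssl x509 -noout -ext subjectAltName` for a domain controller
# certificate. All hostnames and the IP address are hypothetical.
SAMPLE_SAN_TEXT = """\
X509v3 Subject Alternative Name:
    DNS:dc01.corp.internal, DNS:*.dc.corp.internal, IP Address:10.0.0.10
"""


def san_dns_names(san_text):
    """Return the dNSName entries (lower-cased) from openssl's SAN text."""
    return [name.lower() for name in re.findall(r"DNS:([^,\s]+)", san_text)]


def dns_name_matches(san_name, host):
    """Compare one SAN dNSName with the host the client connects to.

    Simplified rule: case-insensitive, label by label; "*" is accepted only
    as the entire left-most label and stands for exactly one label.
    """
    san_labels = san_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def matching_sans(san_text, host):
    """List the SAN dNSNames that cover `host`; empty means the check fails."""
    return [n for n in san_dns_names(san_text) if dns_name_matches(n, host)]


if __name__ == "__main__":
    # First name is the one from the error message; second is the DC's FQDN.
    for host in ("DomainDnsZones.internal", "dc01.corp.internal"):
        covered = matching_sans(SAMPLE_SAN_TEXT, host)
        verdict = "OK, covered by %s" % covered if covered else "REJECTED, no SAN matches"
        print("%-26s %s" % (host, verdict))
```

An empty result for the name configured in the directory connection reproduces the condition behind the `CertificateException`; the name to use is one that returns a match.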