LDAPs user cannot logon: U00045040 LDAP check with logon user 'USER\DEPARTMENT' failed.

Article ID: 244550

Updated On: 09-03-2024

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

A secure LDAP user cannot log on to the AWI. The certificate from the AD server was imported into the Java keystore with the following command:

java -jar ucsrvjp.jar -installcert <host>:<sslport>

The JWP log shows the following messages:

U00045040 LDAP check with logon user 'USER\DEPARTMENT' failed.
U00045033 Log on to LDAP server 'LDAP_Server:636' with user 'USER\DEPARTMENT'.
U00045014 Exception 'javax.naming.CommunicationException: "LDAP_Server:636"' at 'com.sun.jndi.ldap.Connection.<init>():251'.
U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "No subject alternative DNS name matching LDAP_Server found."' at 'sun.security.ssl.Alert.createSSLException():131'.
U00045015 The previous error was caused by 'java.security.cert.CertificateException: "No subject alternative DNS name matching LDAP_Server found."' at 'sun.security.util.HostnameChecker.matchDNS():212'.

Environment

Release: 21.X, 24.X

Component: Automic Automation Engine

Cause

The imported certificates did not contain the short host name as a Subject Alternative Name (SAN) entry, so Java's hostname verification rejected the TLS connection to 'LDAP_Server'.

Resolution

Make sure that all certificates and keys contain the FQDN. The FQDN should also be used as the SERVER value in the UC_LDAP_* variable objects.
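The following added example (not Automic code) reproduces the hostname check that Java's HostnameChecker.matchDNS applies to the server certificate's SAN dNSName entries, so you can test a UC_LDAP_* SERVER value against the certificate's SAN list before changing the configuration. The SAN list and host names are constructed placeholders; the wildcard rules are a simplified rendering of RFC 6125.

```python
"""Hostname-vs-SAN check mirroring what Java's HostnameChecker.matchDNS enforces.

Constructed example, not part of the Automic product: the SAN list below stands
in for the dNSName entries of the AD LDAP server certificate.
"""
import re

# Constructed SAN dNSName entries as they typically appear in an AD server
# certificate: only the FQDN, no short name.
SAN_DNS_NAMES = ["ldap_server.example.internal"]


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Simplified RFC 6125 match: case-insensitive, a single '*' allowed only in
    the leftmost label, and the wildcard never spans a dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard certs need at least two fixed labels and an equal label count.
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    if "*" in "".join(p_labels[1:]) or p_labels[0].count("*") != 1:
        return False
    first = re.escape(p_labels[0]).replace(r"\*", "[^.]*")
    return re.fullmatch(first, h_labels[0]) is not None and p_labels[1:] == h_labels[1:]


def san_matches(hostname: str, san_dns_names: list) -> bool:
    """True if any SAN dNSName entry matches the host being connected to."""
    return any(dns_name_matches(p, hostname) for p in san_dns_names)


def check_uc_ldap_server(server_value: str, san_dns_names: list) -> tuple:
    """Take the SERVER value of a UC_LDAP_* variable object ('host:port') and
    report whether Java hostname verification would accept the certificate."""
    host = server_value.rsplit(":", 1)[0] if ":" in server_value else server_value
    if san_matches(host, san_dns_names):
        return True, f"'{host}' matches a SAN dNSName entry"
    # Same wording as the U00045015 message in the JWP log.
    return False, f"No subject alternative DNS name matching {host} found."


if __name__ == "__main__":
    for value in ("LDAP_Server:636", "ldap_server.example.internal:636"):
        ok, msg = check_uc_ldap_server(value, SAN_DNS_NAMES)
        print(f"{value:40} -> {'OK' if ok else 'FAIL'}: {msg}")
```

Replace SAN_DNS_NAMES with the dNSName entries of your own server certificate to see which SERVER values will pass verification.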