Not able to login with 'admin' user in Management UI of Symantec Directory Manager
Article ID: 272105
Updated On:
Products
Issue/Introduction
After installing Symantec Directory Manager, you are not able to login to management UI with 'admin' user.
Looking at the apps.log under $DXUIHOME/logs you noticed following errors being reported:
{"level":"info","message":"Creating LDAP connection to \"ldaps://mgmt_ui_host_name:10389\""}
{"level":"error","message":": Connection error when trying to connect, error: Error: Client network socket disconnected before secure TLS connection was established"}
{"id":"dcbe1XXXXXXb7ce0","level":"error","message":"Acquiring an LDAP connection from the pool: failed to acquire an LDAP connection, error: Error: Client network socket disconnected before secure TLS connection was established"}
{"level":"info","message":"Creating LDAP connection to \"ldaps://mgmt_ui_host_name:10389\""}
{"id":"dcbe1XXXXXXb7ce0","level":"error","message":"Load email configurations for all environments with email notification enabled: error - Error: Server operation failed"}
{"level":"error","message":": Connection error when trying to connect, error: Error: Client network socket disconnected before secure TLS connection was established"}
{"id":"a8b9XXXXXXX12b7","level":"error","message":"Acquiring an LDAP connection from the pool: failed to acquire an LDAP connection, error: Error: Client network socket disconnected before secure TLS connection was established"}
{"level":"error","message":": Connection error when trying to connect, error: Error: Client network socket disconnected before secure TLS connection was established"}
...
...
{"level":"info","message":"Local user authentication"}
{"level":"info","message":"Authenticating user \"admin\" ..."}
{"level":"info","message":"Authenticating user \"admin\" ...: authenticating user against server \"ldaps://mgmt_ui_host_name:10389\""}
{"level":"error","message":"Authenticating user \"admin\" ...: Connection error when trying to connect to LDAP server, error: Error: Client network socket disconnected before secure TLS connection was established"}
{"level":"info","message":"::ffff:XX.XX.XX.XXX - - [21/Aug/2023:16:21:33 +0000] \"POST /login HTTP/1.1\" 500 2\n"}
{"level":"info","message":"::ffff:XX.XX.XX.XXX - - [21/Aug/2023:16:21:33 +0000] \"GET /assets/lib/img/small-spinner.gif HTTP/1.1\" 200 673\n"}
Environment
Release : 14.1
Resolution
There are two possibilities for this to happen.
Either
1) The DSA personalities certificates for two DSAs that the Directory Manager uses are missing.
i.e.
hostname-management-ui
hostname-monitoring-management-ui
Check under $DXHOME/config/ssld/personalities folder on this Directory Manager host to confirm if you have the following certs or not.
hostname-management-ui.pem
hostname-monitoring-management-ui.pem
If the certs are missing, you need to recreate them using following commands:
dxcertgen -i "CN=GenCA,O=MgmtUI,C=AU" -D "hostname-management-ui" certs
dxcertgen -i "CN=GenCA,O=MonitorMgmtUI,C=AU" -D "hostname-monitoring-management-ui" certs
NOTE: You need to replace the 'hostname-management-ui' and 'hostname-monitoring-management-ui' with your actual DSA names. If not sure, run 'dxserver status' command at the system prompt to get the exact names of these DSAs.
Or
2) The certificates are present but has been expired. Check the validify of the certs by running 'dxcertgen report'.
If the two certificates in question are expired, follow the same steps outlined above to regenerate them.
In either scenario, make sure to restart the Directory Manager process (i.e. node.js) along with these two DSAs and you should be able to log into Directory Manager successfully.
Additional Information
Further information/reference can be found in our Directory online product documentation at:
Feedback
