DCE SSL Has Expired - Can Not Log On

DCIM_Support · ‎2020-07-05

The self signed certificates have expired on a DCE server and I am unable to log in. It is not even allowing me to log in with a local user account.

Is there any other way to get in to the server to resolve this issue?

DCIM_Support · ‎2020-07-05

Dear James,

Please, show a screenshot of your problem so that it can be identified.

With respect.

DCIM_Support · ‎2020-07-05

This is what I get presented with, even though the credentials are correct.

DCIM_Support · ‎2020-07-05

Also would an expired SSL certificate stop AD from working?

DCIM_Support · ‎2020-07-05

Dear James,

I do not see in the screenshot the mention of a problem with any certificate.

But if a user from MS AD and his certificate is no longer valid, it is very possible that access to the DCE-server will be denied (for this user).

I highly recommend trying to log into DCE using a local user with DCE administrator privileges.

With respect.

DCIM_Support · ‎2020-07-05

James,

Did you say you already tried a local user account?

DCIM_Support · ‎2020-07-05

Yes I have already tried with a local user and this still doesn't grant access. There is no error message about the SSL certificate except for the one asking if you want to trust the untrusted certificate that has expired.

Given that I have no access to the DCE server is there any other way to get in or restore?

DCIM_Support · ‎2020-07-05

Hi James,

I've not seen an SSL error cause the error:

Is this happening on both the web page and through the client? From multiple systems? How are you certain that the certs have expired to cause this, just the untrusted error? Usually when you accept it, you can get past that error.?

Just to be sure it's nothing to do with users, I would reset the local admin password using the following process:

http://www.apc.com/us/en/faqs/FA158547

You can even try rebooting the server alone to make sure it's not some hung process but I would suggest the reset option.

Thanks,

Steve

DCIM_Support · ‎2020-07-05

Steven Marchetti - Thanks for the reset link. I used it to reset the local username and log back into the server. After some investigation I found that if I delete a user then add them back again they could log in.

I don't know if this was caused by the SSL expiring, or it was an AD issue (didnt change any settings) or a DCE issue. Either way it looks like a lot of user admin work for the next few days.

DCIM_Support · ‎2020-07-05

Thanks for the update. I've never seen users needing to be re-added...ssl issue or not. I'm guessing the 2 may be different issues.If your AD admin has changed user location in AD, that might cause this user issue.

DCIM_Support · ‎2020-07-05

Hi Nigel Fanning and Steven Marchetti

Please can we look at this again? Perhaps share some logs.

If this happens again, removing and re-adding users is an extreme fix.

We would appreciate some help to continue the investigation

Thanks you

Chris

DCIM_Support · ‎2020-07-05

Hello

I was never informed on what may have changed. As I stated, an SSL cert will not require that users be removed or re-added. If you needed to reset the user name via the link I sent, something other than an SSL issue was the cause.
As for AD users, an SSL cert may have been required to communicate with an active directory server but if that was past due, replacing that cert should be the only thing that needed to be done. If You changed where the user had resided in active directory, that would cause the need to remove and re-add the user. There's nothing I can do about that.

The logs will not tell me anything about what may have changed, it will only tell me if there was an issue with a user logging in or perhaps a connection to the AD server. An SSL cert can cause the latter.

DCIM_Support · ‎2020-07-05

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.