03-24-2015 05:04 AM
Hello,
like describe in "Configuring the CISCO WAAS Container" - Configuring Single Sign-On
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/user/guide/prime_infra_ug/WAAS.html
i get the error message "SSO server should have fully qualified domain defined in DNS" if I add the prime as SSO Server.
What`s wrong?
If I use
nslookup "Prime-IP"
or
nslookup "Prime-FQDN"
on prime-cli I get the right informations.
Prime Version 2.1 and (after update) Version 2.2.1, now.
Regards
Sven
Solved! Go to Solution.
03-24-2015 06:04 AM
Hi
There could be 3 reasons:
1. The CN on the certificate does not match
2. The DNS entry does not match.
3. The hostname of the SSO client doesn't match the first segment of the FQDN of the of the SSO client in DNS. E.g. if hostname is ncs-234-pi then the name in DNS server should start with that, e.g. ncs-234-pi.cisco.com
But SSO must not give the same error message for all three conditions.
There is known bug for it CSCus11482
https://tools.cisco.com/bugsearch/bug/CSCus11482
- Ashok
************************************************************************************************************
Please rate the useful post or mark as correct answer as it will help others looking for similar information
************************************************************************************************************
03-24-2015 06:04 AM
Hi
There could be 3 reasons:
1. The CN on the certificate does not match
2. The DNS entry does not match.
3. The hostname of the SSO client doesn't match the first segment of the FQDN of the of the SSO client in DNS. E.g. if hostname is ncs-234-pi then the name in DNS server should start with that, e.g. ncs-234-pi.cisco.com
But SSO must not give the same error message for all three conditions.
There is known bug for it CSCus11482
https://tools.cisco.com/bugsearch/bug/CSCus11482
- Ashok
************************************************************************************************************
Please rate the useful post or mark as correct answer as it will help others looking for similar information
************************************************************************************************************
03-24-2015 07:58 AM
Hello Ashok,
thanks for your help.
The certificate was the problem.
Different in lower/upper case between certificate (CN) and DNS
Regards
Sven
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide