Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
765
Views
0
Helpful
2
Replies

Prime - Add SSO Server failed

Go to solution
sniff
Level 1
Level 1

‎03-24-2015 05:04 AM

Hello,

like describe in "Configuring the CISCO WAAS Container" - Configuring Single Sign-On

http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/user/guide/prime_infra_ug/WAAS.html

 

i get the error message "SSO server should have fully qualified domain defined in DNS" if I add the prime as SSO Server.

What`s wrong?

 

If I use

nslookup "Prime-IP"

or

nslookup "Prime-FQDN"

on prime-cli I get the right informations.

Prime Version 2.1 and (after update) Version 2.2.1, now.

 

Regards

Sven

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ashok Kumar
Cisco Employee
Cisco Employee

‎03-24-2015 06:04 AM

Hi

There could be 3 reasons:


1. The CN on the certificate does not match
2. The DNS entry does not match.
3. The hostname of the SSO client doesn't match the first segment of the FQDN of the of the SSO client in DNS. E.g. if hostname is ncs-234-pi then the name in DNS server should start with that, e.g. ncs-234-pi.cisco.com

But SSO must not give the same error message for all three conditions.

There is known bug for it CSCus11482

https://tools.cisco.com/bugsearch/bug/CSCus11482


- Ashok

************************************************************************************************************

Please rate the useful post or mark as correct answer as it will help others looking for similar information

************************************************************************************************************

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Ashok Kumar
Cisco Employee
Cisco Employee

‎03-24-2015 06:04 AM

Hi

There could be 3 reasons:


1. The CN on the certificate does not match
2. The DNS entry does not match.
3. The hostname of the SSO client doesn't match the first segment of the FQDN of the of the SSO client in DNS. E.g. if hostname is ncs-234-pi then the name in DNS server should start with that, e.g. ncs-234-pi.cisco.com

But SSO must not give the same error message for all three conditions.

There is known bug for it CSCus11482

https://tools.cisco.com/bugsearch/bug/CSCus11482


- Ashok

************************************************************************************************************

Please rate the useful post or mark as correct answer as it will help others looking for similar information

************************************************************************************************************

0 Helpful

Go to solution
sniff
Level 1
Level 1

‎03-24-2015 07:58 AM

Hello Ashok,

 

thanks for your help.

 

The certificate was the problem.

Different in lower/upper case between certificate (CN) and DNS

 

Regards

Sven

0 Helpful
Customers Also Viewed These Support Documents