Troubleshooting user accounts

Incorrect privileges

Users must have view privileges (at minimum) on a managed object to see that object in the user interface.

Symptom

Unable to see specific resource information or perform a resource task

Possible cause and recommendation

Your assigned role does not have the correct privileges

  • Request a different role or an additional role from the Infrastructure administrator in order to do your work.

Cannot modify local user account

Symptom

You cannot add, edit, or delete a local user account.

Improper authorization

Cause

You do not have proper authorization or you entered invalid parameters.

Action
  1. Log in to the appliance as the Infrastructure administrator.

  2. Try to add, edit, or delete the user account again.

    For more information, see Add or Edit User screen details.

Network issues

Action
  1. Log in to the appliance as the Infrastructure administrator.

  2. See Appliance cannot access the network.

  3. Try to add, edit, or delete the user account again.

Appliance certificate needs to be updated

Cause

The appliance certificate is invalid or it has expired.

Action
  1. Log in to the appliance as the Infrastructure administrator.

  2. Acquire a new appliance certificate.

  3. Refresh the browser page.

  4. Accept the new certificate.

  5. Add the user account.

  6. Try to add, edit, or delete the user account again.

Cannot delete local user account

Symptom

The deletion fails with error code 500.

Action
  1. Perform the following REST API call to modify the user account to be deleted:

    PUT https://{appl}/rest/users

  2. Try to delete the user account again.

Unauthenticated user or group

Each user is authenticated on login to the appliance by the authentication service that confirms the user name and password. The Edit Authentication screen enables you to configure authentication settings on the appliance; the default values are initially populated during first time setup of the appliance.

Symptom

Unable to configure a directory user or group

Possible cause and recommendation

Configure authentication settings

  1. From the Users screen, click Add Directory User or Group.

  2. Click add a directory.

  3. From the Edit Authentication screen, click Add directory.

  4. Provide the requested information (see Add/Edit Directory Group screen details).

  5. Click OK.

User public key is not accepted

Symptom

User public key does not work or is not accepted

Possible cause and recommendation

Hidden characters introduced during a copy/paste operation change the key code

  • Enter the key again, taking care to prevent special characters from being injected into the key when pasting it into the public key field.

  • Only RSA keys are supported.
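An added example (not from the original documentation): a check to run on a key before pasting it into the public key field. It assumes the key is in OpenSSH one-line format (type, base64 body, optional comment), which this page does not specify; the function names and sample keys are constructed for illustration.

```python
import base64
import unicodedata


def find_hidden_chars(text):
    """Return (offset, code point, name) for each character outside printable ASCII."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "CONTROL CHARACTER"))
            for i, ch in enumerate(text) if not 0x20 <= ord(ch) <= 0x7E]


def check_pasted_key(text):
    """Return a list of problems; an empty list means the text is clean and RSA."""
    problems = [f"hidden character {cp} ({name}) at offset {i}"
                for i, cp, name in find_hidden_chars(text)]
    fields = text.split(" ")
    if len(fields) < 2:
        return problems + ["expected '<type> <base64> [comment]'"]
    key_type, body = fields[0], fields[1]
    if key_type != "ssh-rsa":  # assumption: OpenSSH type name for RSA keys
        problems.append(f"key type {key_type!r} is not RSA")
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError:  # also covers binascii.Error and non-ASCII input
        return problems + ["key body is not valid base64"]
    # An OpenSSH key body starts with a 4-byte length and the algorithm name.
    name_len = int.from_bytes(blob[:4], "big")
    inner = blob[4:4 + name_len]
    if inner != key_type.encode("ascii", "replace"):
        problems.append(f"key body declares {inner!r}, prefix says {key_type!r}")
    return problems


def constructed_key(algorithm):
    """Build a constructed, non-functional key line for the demonstration."""
    name = algorithm.encode()
    blob = len(name).to_bytes(4, "big") + name + bytes(16)
    return f"{algorithm} {base64.b64encode(blob).decode()} admin@example"


CLEAN = constructed_key("ssh-rsa")
# Same key after a bad paste: zero-width space in the body, carriage return at the end.
DIRTY = CLEAN[:20] + "\u200b" + CLEAN[20:] + "\r"
OTHER = constructed_key("ssh-ed25519")

if __name__ == "__main__":
    for label, key in (("clean", CLEAN), ("dirty", DIRTY), ("other", OTHER)):
        print(label, check_pasted_key(key) or "OK")
```

A trailing newline or carriage return is reported as a hidden character as well, so strip the line ending before checking a key read from a file.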

Directory service not available

Symptom

The directory service could not be accessed by the appliance.

Directory service server is not available

The server for the directory service cannot be accessed.

Cause

Either the server for the directory service or the network is down.

Action
  1. Run the ping command on the directory server IP address or host name to determine if it is online.

  2. Verify that the appliance network is operating correctly.

  3. Contact the directory service administrator to determine if the server is down.

Inaccurate settings in the Add Directory screen

Cause

Configuration errors prevent the directory service from being reached.

Action
  1. Verify that the name of the directory service is unique and entered correctly. Duplicate names are not accepted.

  2. Verify that the Directory type is correct.

  3. Ensure that the Base DN fields and, for OpenLDAP, the User naming attribute field, and Organizational unit fields are correct.

    For more information, see Add/Edit Directory screen details.

  4. Verify that the credentials of the authentication directory service administrator are correct.

  5. Verify that the group is configured in the directory service.

  6. Ensure that the role assigned to the group is correct.

    For more information, see Add/Edit Directory Group screen details.

Cannot add directory service

Symptom

You cannot add a directory service to the appliance.

Lost connection with directory server host

Cause

An external problem disconnected the directory server host.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify that the settings for the directory service host are accurate.

  3. Locally run the ping command on the directory server’s IP address or host name to determine if it is online.

  4. Verify that the port for LDAP communication with the directory service is port 636.

  5. Verify that the port (default port 636) you are using for communication is not blocked by any firewalls.

    See Ports required for HPE OneView.

  6. Verify that the appliance network is operating correctly.

  7. Determine that the appliance is functioning properly and that there are enough resources.
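An added example (not from the original documentation) for steps 2 through 6 above: a ping reply does not show that TCP port 636 is reachable, so this probe attempts the connection itself and classifies the failure. The function name, the status labels and the advice strings are chosen here for illustration.

```python
import socket
import sys

# What each outcome points to in the Action list above (wording added here).
NEXT_CHECK = {
    "open": "port is reachable; look at the certificate and credential causes",
    "name-not-resolved": "host name in the settings is wrong or DNS fails (step 2)",
    "refused": "host is up, nothing listens on this port; confirm the port (step 4)",
    "no-answer": "no reply; check firewalls (step 5) and that the host is online (step 3)",
    "unreachable": "no route from this machine; check the network (step 6)",
}


def probe_ldaps(host, port=636, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP connection attempt to the directory server's LDAP port.

    The connect parameter exists so the classification can be exercised
    without a network; by default a real connection is attempted.
    """
    try:
        connect((host, port), timeout).close()
        return "open"
    except socket.gaierror:          # name lookup failed before any packet was sent
        return "name-not-resolved"
    except ConnectionRefusedError:   # the host answered with a TCP reset
        return "refused"
    except socket.timeout:           # nothing came back within the timeout
        return "no-answer"
    except OSError:                  # for example, network or host unreachable
        return "unreachable"


if __name__ == "__main__":
    target = sys.argv[1]  # directory server host name or IP address
    status = probe_ldaps(target)
    print(f"{target}:636 -> {status}: {NEXT_CHECK[status]}")
```

The result describes the path from the machine that runs the probe, so run it from a host on the same network segment as the appliance.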

Cannot log in to the directory server host because the certificate has expired

Cause

The directory server host is refusing to authenticate the appliance because the certificate has expired.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify the login name and password are accurate.

    Contact the directory service provider to ensure that the credentials are accurate.

  3. Reacquire and install the directory service host certificate.

Cannot log in to the directory server host because of an invalid certificate

Cause

The certificate is not in valid x509 format.

Action
  1. Log in as the Infrastructure administrator.

  2. Correct the configuration and try again.

  3. Re-acquire and install the directory service host certificate, if necessary.

  4. Contact the directory service provider to ensure that the credentials are accurate.

Cannot log in to the directory server host because the certificate lacks the digital signature

Cause

The certificate does not contain the x509v3 key usage extension.

Action
  1. Log in as the Infrastructure administrator.

  2. Ensure that the certificate contains the key usage extension.

  3. Re-acquire and install the directory service host certificate, if necessary.

Cannot log in to the directory server host because of inaccurate credentials

Cause

The directory server host cannot authenticate the appliance because the credentials are invalid.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify the login name and password are accurate.

  3. Verify the search context information is accurate; you might be trying to access a different account or group.

  4. Re-acquire and install the directory service host certificate.

  5. Contact the directory service provider to ensure that the credentials are accurate.

Cannot add server for a directory service

Symptom

You cannot configure a server for the directory service.

Lost connection with directory service host

Cause

The appliance had a connection with the directory service, but that connection was lost.

Action
  1. Verify that the settings for the directory service host are accurate.

  2. Verify that the correct port is used for the directory service.

  3. Verify that the port (default port 636) you are using for communication is not blocked by any firewalls.

    See Ports required for HPE OneView.

  4. Locally run the ping command on the directory service host’s IP address or host name to determine if it is online.

  5. Verify that the appliance network is operating correctly.

  6. If the appliance is hosted on a virtual machine, determine that it is functioning properly and there are enough resources.

Cannot log in because of inaccurate credentials

Cause

There is an authentication error when logging in to the server for the directory service.

Action
  1. Verify that the login name and password are accurate.

  2. Reacquire and install the directory service host certificate.

  3. Contact the directory service provider to ensure that the credentials are accurate.

Cannot log in because of configuration errors in the Add Directory screen

Cause

Incorrect parameters were entered when the directory service was configured.

Action
  1. Verify that the name of the directory service is unique and entered correctly. Duplicate names are not accepted.

  2. Verify that the Directory type is correct.

  3. Ensure that the Base DN fields and, for OpenLDAP, the User naming attribute field, and Organizational unit fields are correct.

    For more information, see Add/Edit Directory screen details.

  4. Verify that the credentials of the authentication directory service administrator are correct.

  5. Verify that the group is configured in the directory service.

Cannot add directory group

Symptom

The directory group could not be added as a group on the appliance.

Group is already mapped

Cause

The specified authentication directory and group already exist. Groups must be unique.

Action
  1. Log in as the Infrastructure administrator.

  2. Reassign the current group to another role, or otherwise make the group unique.

Connection with directory service host was lost

Cause

An external problem disconnected the directory server host.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify that the settings for the directory service host are accurate.

  3. Verify that the correct port is used for the directory service.

  4. Verify that the port (default port 636) you are using for communication is not blocked by any firewalls.

    See Ports required for HPE OneView.

  5. Locally run the ping command on the directory service host IP address or host name to determine if it is online.

  6. Verify that the appliance network is operating correctly.

  7. If the appliance is hosted on a virtual machine, determine that the virtual machine is functioning properly and enough resources are allocated to it.

Credentials were inaccurate

Cause

Authentication problems prevented the appliance from logging in to the directory service.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify that the login name and password are accurate.

  3. Reacquire and install the directory service host certificate.

  4. Contact the directory service provider to ensure that the credentials are accurate.

Cannot find directory group

Symptom

A specified group could not be found in the authentication directory service.

Group is not configured in the directory service

Cause

Either the group is not configured in the authentication directory service or the search parameters contained an error.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify the credentials for the authentication directory service.

  3. Verify that the directory service is operational.

  4. Verify the name of the group.

  5. Contact the directory service administrator to verify that the group account is configured in the directory service.

  6. Try to find the group again.

    For more information, see About directory service authentication.

Directory type is incorrect

Cause

The directory type was incorrectly specified. For example, an Active Directory service might have been specified as OpenLDAP.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify that the settings for the directory service are accurate.

Search does not return any directory groups

Cause

The specified search of the authentication directory service does not contain any groups.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify the directory server configuration.

  3. For OpenLDAP, ensure that the directory server user has read privileges (rscdx) so that HPE OneView can read the search results.

  4. For OpenLDAP, add all search contexts needed to retrieve the wanted group or groups. Use the Add button to add multiple organizational units with which to specify the UID or CN.

    For more information, see Add/Edit Directory screen details.

Error occurred while accessing directory groups

Cause

An error occurred while accessing directory groups. Directory service servers could not be reached.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify the directory server configuration.

  3. Verify the connection to the directory server host.

  4. For OpenLDAP, add all search contexts needed to retrieve the wanted group or groups. Use the Add button to add multiple organizational units with which to specify the UID or CN.

    For more information, see Add/Edit Directory screen details.

Error occurred while retrieving groups from the directory server

Cause

An external problem prevented the appliance from reaching the server configured for the directory service.

Action
  1. Log in as the Infrastructure administrator.

  2. Verify the connection to the directory server host. See Cannot add server for a directory service.

  3. Verify the directory server configuration.