So how is the LB set up? Does it terminate the TLS connection, or is it a pass-through to one of the AD nodes?
To my knowledge, it passes the connection through to the AD node. My understanding from having read the documentation was I should use the root CA cert so all child certs were trusted - this isn't working.
Is there anything in the appserver log when this happens? Or in the GUI error log? Like a full stack trace?
Hi Bill, no, that's the unfortunate thing. The appserver.log or console.log show nothing. No connection failure notice or further information.
When you say GUI log, where would I find that?
I have tried to post an image to this thread of the error but I'm getting Image Type is Forbidden - it's a jpeg.
What about in the GUI log?
Can you try the same operation via the blcli and see if there is any useful output? Also, do you see the connection getting to the AD node?
And the connection through the LB is pass-through? The TLS is not terminating on the VIP? And this VIP is otherwise working for other applications?
Where do I find the GUI log?
When you say try the same thing via blcli, can you expand on this?
I don't have access to the AD nodes, but like I mentioned above, when configured directly with an AD DC hostname the connection works fine.
The connection through the LB is passthrough (redirect) I believe the TLS is terminating at the AD DCs. The VIP is working fine for other applications.
'window | show view | error log' - see if there's any useful stack trace there.
If you run this:
blcred -x ldapStore.pem cert -add -host <host>:<port> -protocol ldap
and use the VIP for the host, what happens?