After upgrading the FMS (Foglight Management Server) users are unable to login with LDAPS authentication.
With debug logging enabled, the error below is noted:
DEBUG [http-exec-1] com.quest.nitro.service.security.auth.spi.NitroExtendedLdapLoginModule - Error connecting to LDAP server: ldaps://192.168.100.50:636/
javax.naming.CommunicationException: simple bind failed: 192.168.100.50:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
As per the Upgrade Guide, this issue can be resolved with the following steps to restore the saved cacerts file to the proper folder.
NOTE: The JRE on disk is replaced completely during a Management Server
On an FMS upgrade we can see the saved cacerts file is placed in the previous version subfolder. The file that should be replaced in this example is in the $FGLHOME/jre/lib/security folder.
STATUS: FGL-18240 was closed as 'preserve the cert file which is done as documented.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책