Cognos Analytics


Enabling Secure Communication to the Active Directory Server

  • 1.  Enabling Secure Communication to the Active Directory Server

    Posted Fri February 26, 2021 11:43 AM
    In Cognos I want to enable secure communication to the Active Directory Server. So I found the link below:
    https://www.ibm.com/support/knowledgecenter/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/t_stp_ssl_active_drctry.html

    Following the documentation I performed the actions below:

    1) With the Microsoft Management Console (MMC) tool, I imported the certificate I got from the AD administrator into the certificate store for the local computer.
    2) Opened port 636 in the Windows firewall.
    3) Changed the port in Cognos configuration to 636.

    But when I test the setting in Cognos Configuration:

    ['AD name']
    [ ERROR ] CAM-AAA-0146 The namespace 'NAMESPACE-NAME' is not available.
    [ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
    [ ERROR ] CAM-AAA-0043 The LDAP directory server 'servername':'636' is not running.
    [ ERROR ] ADSI Error HRESULT Returns:
    ERROR_DS_SERVER_DOWN
    ADSI Error:
    System Error:
    The server is not operational.

    If I change the port back to 389 it is working again. The AD administrator confirmed that port 636 is open and should work and the necessary authorizations for the Cognos servers are applied. Other applications are using port 636/SSL successfully.

    Am I doing something wrong? How can I check if the certificate was installed correctly? With the command certlm.msc I can see the certificates in the Certificates - Local computer / Intermediate Certification Authorities / Certificates. Is this the correct place?
    How can I fix this issue?

    ------------------------------
    Thomas van der Meer
    ------------------------------



  • 2.  RE: Enabling Secure Communication to the Active Directory Server

    Posted Tue March 02, 2021 07:37 AM
    With a little help from our network specialist I have been able to configure LDAPS.
    This is what is done:

    We received 2 certificate files from the AD administrator. A .p7b and a .txt file. We only needed the .txt file in our case.
    1) The .txt file is renamed to a .der file. Yes, only rename.
    2) With the Microsoft Management Console (MMC) tool, imported the certificate (.der file). First for the current user and then for the local machine.
    3) Place all the certificates in the 'Trusted Root Certification Authorities' store.
    4) Changed the port in Cognos configuration under security.Authentication/AD host and port to 636.
    5) Save and test configuration. Then restart Cognos.

    ------------------------------
    Thomas van der Meer
    ------------------------------
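
Added example, not part of the original posts and not IBM's code: a PowerShell check, run on the Cognos server, that separates the two failure modes discussed in this thread (port 636 unreachable versus a certificate chain that does not end in the local computer's 'Trusted Root Certification Authorities' store). The function name `Test-LdapsTrust` and the host name are hypothetical, and it assumes the Cognos service relies on the Local Computer stores rather than a user's.

```powershell
# Added diagnostic example. 'Test-LdapsTrust' and the host name are hypothetical.
function Test-LdapsTrust {
    param(
        [Parameter(Mandatory)][string]$Server,   # FQDN of the AD server
        [int]$Port = 636
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        # A failure on this line is a network/firewall problem, not a certificate problem.
        $tcp.Connect($Server, $Port)

        # Diagnostic only: let the handshake finish so the certificate can be inspected.
        # Trust is evaluated separately below; no LDAP data is sent on this connection.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # $true = machine context, so only the Local Computer stores are consulted.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
        # Revocation is skipped here to isolate the trust-store question (assumption of this example).
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $trusted = $chain.Build($cert)

        # Last element is the root if the chain is complete, otherwise the highest certificate found.
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        [pscustomobject]@{
            Server                = "${Server}:$Port"
            Subject               = $cert.Subject
            Issuer                = $cert.Issuer
            NotAfter              = $cert.NotAfter
            ChainTrusted          = $trusted
            ChainStatus           = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            TopOfChain            = $top.Subject
            TopInLocalMachineRoot = Test-Path ("Cert:\LocalMachine\Root\" + $top.Thumbprint)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Test-LdapsTrust -Server 'dc01.example.com'   # placeholder host name, replace with your AD server
```

If `ChainTrusted` is `False` and `TopInLocalMachineRoot` is `False`, the issuing CA's root certificate is missing from the Local Computer 'Trusted Root Certification Authorities' store, which is the store used in step 3 above.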