Yes, applied on both Admin & Managed server.

Here AD people are not very clear about the integration between AD and OBIEE. Hectic time.

Could you please provide the steps if you have documented.

Thanks much for support.

I will do a try today and send you the log files.

Dear GermanA,

Thanks much for the update. Please find the details below

1. Are your certificates signed by a known CA? --> How to check that?
2. Did you import the whole chain into the keystore? --> We have created the Keystore based on the certificate provided by organization.
3. Did you also import it into the adapters.jks (libovd) keystore? --> No, I have no idea.
4. Have you opened a SR for this?  If so, what's the number? --> Sev1 (SR 3-16809344191 : Need to configure MS AD on port 636 as an authenticator in Weblogic Console)

Following are the error message from domain log under Admin Server Logs.

[Security:090294]could not get connection

unable to find valid certification path to requested target

####<Feb 8, 2018, 1:13:19,390 AM EST> <Warning> <Security> <elydrscdev.my.org> <AdminServer> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000002> <1518070399390> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-099117> <The LDAP authentication provider named "MSADHRDSB" failed to make a connection to LDAO server at ldaps://myorg:636, the error cause is: General SSLEngine problem.>

####<Feb 8, 2018, 1:14:41,803 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004c> <1518070481803> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server bi_server1 : General SSLEngine problem>

####<Feb 8, 2018, 1:14:42,79 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000004f> <1518070482079> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obiccs1 : General SSLEngine problem>

####<Feb 8, 2018, 1:14:43,249 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000052> <1518070483249> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obis1 : General SSLEngine problem>

####<Feb 8, 2018, 1:14:44,412 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000055> <1518070484412> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obips1 : General SSLEngine problem>

####<Feb 8, 2018, 1:14:45,562 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000058> <1518070485562> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obijh1 : General SSLEngine problem>

####<Feb 8, 2018, 1:14:46,705 AM EST> <Error> <NodeManager> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-0000005b> <1518070486705> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-300048> <Unable to start the server obisch1 : General SSLEngine problem>

####<Feb 8, 2018, 1:16:42,178 AM EST> <Error> <Console> <elydrscdev.my.org> <AdminServer> <[ACTIVE] ExecuteThread: '8' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <6d2fe73d-de90-40e8-a2f3-40032a445715-00000062> <1518070602178> <[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] > <BEA-240003> <Administration Console encountered the following error: weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection

Caused by: netscape.ldap.LDAPException: General SSLEngine problem (91); Cannot connect to the LDAP server

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

Best Regards,

Ritesh

Dear Michael,

Thanks.

I have got the correct certificate from LDAP AD team and import into correct location in the server.

Post import the certificates using keytool command , i have re-enter the AD administrator credentials in provider specific and save it. After saving i did not get any issue. I have activate the changes. Restarted the services. Now i can see the all the AD users in Security realm -->ADProvider --> User and Group.

However, none of the AD users including weblogic user are able to login into Analytics page ( Username & Password incorrect error). I will share the logs as well.

I have set the vertualize opetion is True in EM conole as well but same issue persists.

However, I have not set the keystore options in Admin server or Manage Server level.

Could you please guide me on the error. Our development activity is completely stuck because of weblogic user is not able to login analytics page.

Best Regards,

Ritesh