
Connection type - 'AD' failing with IPS but working with FQDN

Kaushik1
New Contributor

Hi Team,

We have AD and ADLDS connections that were working fine until now, but they started failing all of a sudden with the error - No subject alternative names matching IP address 'xyz' found. After updating it to FQDN it is successful now. What should be the best approach to set up: is it URL or the FQDN?

It is working in other Saviynt environment but not in lower environment. Were there any recent changes made in latest versions which result in failure of connections?

5 REPLIES

sudeshjaiswal
Saviynt Employee

Hello @Kaushik1,

It is recommended to use the Fully Qualified Domain Name (FQDN) instead of the IP address. This provides more flexibility and makes maintenance easier, especially when there are changes to the underlying infrastructure.

To use a fully qualified hostname, you need to set up a DNS resolver, which is typically done by the Saviynt Infrastructure team. If you need further assistance, you can contact the Saviynt Support team by raising a Freshdesk ticket.

The error message you encountered, "No subject alternative names matching IP address 'xyz' found," suggests that the system was trying to validate the SSL certificate for the connection but couldn't find a matching Subject Alternative Name (SAN) for the provided IP address. Using the FQDN instead of the IP address can often resolve this issue.

If the connections are working in other Saviynt environments but failing in a lower environment, it would be helpful to compare the configuration and validate the certificate and versions between the working and non-working environments to identify any differences.

Thanks,

 
If you find the above response useful, Kindly Mark it as "Accept As Solution".

Victor
New Contributor

We also have recently had the same issue, all of a sudden, no connectivity in the lower environment. Looks like there has been a change.
We do have the FQDN but not configured to be resolved atm.

Hi Team,

When we say 'no connectivity in the lower environment', is it Saviynt who is reporting it, or is this being raised by other customers as well?

Riku
Regular Contributor

Hi

We also have recently had the similar/same issue, all of a sudden, no connectivity in the Test environment. Looks like there has been a change.

We have used an IP address to connect to AD in our Test environment, but it doesn't work anymore.

Regards

Riku

Rishi
Saviynt Employee

If you are using an IP address and trying to make an SSL connection, then it is always going to throw a certificate error because the SAN name used in the certificate will not match the hostname (in this case the IP address).

So if the IP address was working before, then most probably there could have been a local host entry mapping the IP to the SAN name present in the certificate. This is not a recommended approach, as the local host file can get overwritten on a system refresh.

Never use IP address in any environment. In case the FQDN resolution is failing then open a support ticket to configure DNS forwarding so that FQDN resolution can work based on customer DNS server.
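
The SAN check discussed in this thread, as an added example that is not part of any post and is not Saviynt's or Java's code: a simplified model of TLS hostname verification showing why an IP target fails against a certificate that only carries DNS names. The SAN lists use the shape Python's `ssl` module returns from `getpeercert()`; all host names and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample: SAN list in the shape ssl.SSLSocket.getpeercert()
# returns under "subjectAltName". Names and addresses are placeholders.
DC_CERT_SAN = (
    ("DNS", "dc01.corp.example.com"),
    ("DNS", "*.lab.example.com"),
)
DC_CERT_SAN_WITH_IP = DC_CERT_SAN + (("IP Address", "192.0.2.10"),)


def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_matches(san, target):
    """Return (ok, reason) for connecting to `target` with a cert carrying `san`."""
    ip = _as_ip(target)
    if ip is not None:
        # An IP target is compared only with iPAddress entries, never dNSName.
        ips = [_as_ip(v) for k, v in san if k == "IP Address"]
        if ip in ips:
            return True, "iPAddress SAN matches"
        return False, f"no subject alternative name matching IP address {target}"
    names = [v for k, v in san if k == "DNS"]
    if any(_dns_match(n, target) for n in names):
        return True, "dNSName SAN matches"
    return False, f"no subject alternative DNS name matching {target}"


if __name__ == "__main__":
    for target in ("192.0.2.10", "dc01.corp.example.com", "dc02.lab.example.com"):
        print(target, san_matches(DC_CERT_SAN, target))
    print("192.0.2.10", san_matches(DC_CERT_SAN_WITH_IP, "192.0.2.10"))
```

Running the same comparison against the SAN entries of the certificates in the working and failing environments shows whether the difference is in the certificate or in the address configured on the connection.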