Loading...
Loading...
User is unable to login to iDRAC10 with AD Smart Card. The same configuration may be working on iDRAC9 systems. The iiam.log from a debug supportassist collection shows the following error. time="2026-04-20T11:35:39.473+02:00" level=error msg="incorrect COMMON_NAME for cacpiv certificate" correlationID=3a6854f2-d2bb-4352-81c2-70e9d8e8ec5c file=cacpivClient.go line=344 prog="ciam service"
The iDRAC10 implementation prior to Firmware 1.30.60.50 enforces strict attribute matching rules that may not align with enterprise certificate configurations. Authentication requires: User Certificate Subject CN must exactly match the AD user CN Certificate UPN prefix must match the AD user CN Example 1 - Certificate CN to AD Object CN mismatch AD User Object cn: admin-user userPrincipalName: admin-user@example.comCertificate Subject: CN=admin-user@example.com SAN: UPN=admin-user@example.com Example 2 - SAN UPN Prefix to AD Object CN mismatch AD User Object cn: admin user userPrincipalName: admin_user@example.comCertificate Subject: CN=admin user SAN: UPN=admin_user@example.com
The iDRAC10 Firmware Version 1.30.60.50 has redesigned the authentication logic to align with iDRAC9 behavior. The new behavior will: Extract the UPN from the certificate SAN extensions (first UPN entry) Use UPN to query Active Directory user. Validate authentication by comparing it against the user's userCertificate attribute.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
BugZero Plan
Streamline upgrades with automated vendor bug scrubs
BugZero Prevent
Wish you caught this bug sooner? Get proactive today.