Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)
Skepticism and critical thinking is not panacea, but can help to understand the world better

RHEL5 registration in RHN ("Red Hat Classic") on proxy protected network

News RHEL subscription management Recommended Books Recommended Links Installation CheckList Oracle Linux Registration Administration Migrating systems from RHN to RHNSM
Redhat Networking bash NTP configuration on RHEL Sendmail on RHEL LVM How to change IP address in RHEL Humor Etc

For RHN Red Hat Enterprise Linux 5 uses for registration new utility  rhn_register instead of old up2date . This application works with the yum-based RHN Hosted and RHN Satellite client called Package Updater (or pup) that replaces up2date. For more information about pup, refer to Chapter 3, Package Updater.

Latest version of RHEL 5 such as 5.11 can also use new registration system (I think the minimum is 5.8). That makes sense only of RHN registration system is completely screwed (which is true if you need anything else then basic patches) and can't provide the the functionality you need.  See Migrating systems from RHN to RHNSM

Red Hat Enterprise Linux 6 uses for registration utility  rhn_register, the same as RHEL5   This application works with the yum-based RHN Hosted and RHN Satellite client called Package Updater (or pup) that replaces up2date. For more information about pup, refer to Chapter 3, Package Updater.

The rhn_register  application normally runs as part of the firstboot  configuration process just after installation. The first time a newly-installed Red Hat Enterprise Linux 5 system is booted, firstboot  uses rhn_register  to register your system with RHN.

1. Before starting:

  1. Set system proxy and check Internet access to (or using firefox
  2. Set proxy in /etc/sysconfig/rhn/up2date
  3. If possible make access to passwordless in your proxy configuration.

For example:

enableProxy[comment]=Use a HTTP Proxy
httpProxy[comment]=HTTP proxy in host:port format, e.g.

After that you can run rhn_register (Oracle Linux users should run up2date -- register instead, Oracle Linux Registration). You can execute the command rhn_register  from the command line as root.

2. Use GUI version not text version of rhn_register. For example:

export DISPLAY=
rhn_register &

Use your main Red Hat network ID, not email address. Provide password.


 If you have never registered, you can start rhn_register by selecting Applications (the main menu on the panel) ⇒ System Tools ⇒ Package Updater. (You will be asked to enter the root password.) The Package Updater, when run on a system that has not yet been registered, triggers rhn_register if there is no /etc/sysconfig/rhn/systemid file on the system.

If you have already registered before and /etc/sysconfig/rhn/systemid exists on the system, rhn_register first asks if you are sure that you would like to register again. Doing so may create a duplicate system profile in RHN Satellite. Consider using rhnreg_ks and activation keys to re-register a system without creating a duplicate entry.

Command-line version of rhn_register

There is also a command-line version of rhn_register that allows you to register your system for access to RHN or Satellite without a graphical desktop environment.  I do not recommend to use it unless you no other options.

Type rhn_register at a shell prompt. If you are on shell terminal window and want to run the non-graphical version, you must type rhn_register --nox to prevent opening the graphical client.

Top Visited
Past week
Past month


Old News ;-)


When a RHEL system is not getting updated:

0) If you get "Not Checking In" notices, that means RHN knows
about it so it must have had steps 1-4 done correctly at one

1) Make sure you've added the recommended changes (or add if not there)
to /etc/sysconfig/rhn/up2date:

Change sslCACert=/usr/share/rhn/RHNS-CA-CERT
to sslCACert=/usr/share/rhn/RHNS-CORP-CA-CERT

Change serverURL=
to serverURL=

Change serverURL=
to serverURL=

2) Make sure you're system is registered
If a registration page keeps coming up, the registration
process failed. You should have seen an error message while
running update_up2date.

or, when you try to do an up2date, you get some text output
that looks like this:

34. httpProxy
35. headerCacheSize 40
36. noReboot No
Enter number of item to edit <return to exit, q to quit without saving>:

* Try registering again manually using:
/usr/sbin/rhnreg_ks --activationkey=

Watch for errors that indicate things like there are no more
available licenses.

3) If you get 'already registered' errors, use --force with rhnreg_ks
or rm /etc/sysconfig/rhn/systemid

4) Apply the following patches (i386 only - these are beta
release only - no patches for other platforms yet):

* save your /etc/sysconfig/rhn/up2date
* rpm -e --nodeps up2date up2date-gnome (this should save the above
file, but just in case)
* rpm -ivh
* rpm -ivh

5) Make sure rhnsd is running properly:
* chkconfig --level 345 rhnsd on
* service rhnsd start

6) If an update will modify a configuration file, up2date will
download the update but not apply it.
Config option is: noReplaceConfig

An example is httpd--the httpd.conf file would get moved aside
and replaced by one devoid of the system specific mods you

7) Have your NACS RHN contact (Minh, Con, or me) make sure that
the host entry on, under properties, is
checked to allow automatic updates.

8) If you get problems like this:

"The following packages on this system are out-of-date and
may be upgraded."

Filter by Latest Package:
1 - 3 of 3 (0 selected)
Select Latest Package Installed Package Related Errata
jaf-1.0.2-3jpp_2rh:0 jaf-20030319-1
javamail-1.3.1-1jpp_3rh:1 javamail-20031006-1
junit-3.8.1-3jpp_2rh:0 junit-3.8.1-1

halfdome-root) up2date --update --nox

Fetching Obsoletes list for channel: rhel-i386-as-3...

Fetching Obsoletes list for channel: rhel-i386-as-3-extras...

Fetching Obsoletes list for channel: rhel-i386-as-3-devsuite...

Fetching Obsoletes list for channel: rhel-3-as-i386-rhaps-beta...

Fetching rpm headers...

Name Version Rel

All packages are currently up to date

Try this solution:
halfdome-root) rpm --rebuilddb
halfdome-root) up2date -p

If that doesn't work, try:
Delete the system registered on
Delete /etc/sysconfig/rhn/systemid
Run the command: rhnreg_ks --activationkeys=KEY
where KEY is the activation key from NACS

9) Error message:
Unresolvable chain of dependencies:
samba 3.0.4-6.3E requires

System had two versions of samba installed: i386 and x86_64

Fix (be careful about conf files--back them up):
rpm -e --nodeps --allmatches CONFLICTING-PACKAGE

(Submitted by Tri)

*************************** OTHER THINGS ***************************
To convert from md5 to unix crypt password hashes:

Edit /etc/pam.d/system-auth and remove md5 from line:
password sufficient /lib/security/$ISA/ nullok use_authtok md5

Then convert all passwords from md5 to crypt--might be easiest to
just issue new ones since you md5 is a one-way algorithm.

Building a kernel
(Submitted by Dan)

Configuring software RAID
(Submitted by Dan)

If a package was updated accidently or the package update
is broken, it is possible to roll back the update. You can
only rollback all rollbacks listed, though, so it should
probably be done soon after a broken package is found. A

up2date --update

will re-install the most recent version again.

up2date --list-rollbacks # Show the rpm rollbacks available
up2date --undo # undo the last package set update

(can install a single package using rpm --nodigest --nosignature -i /var/spool/repackage/<package.rpm>)

An alternative to using up2date rollback is to manually remove the
new package and install the previous one:

rpm -e quota-3.10-4
rpm -i --nodigest --nosignature /var/spool/repackage/quota-3.09-1.x86_64.rpm


rpmdb: Program version 4.2 doesn't match environment version
error: db4 error(22) from dbenv->open: Invalid argument
error: cannot open Packages index using db3 - Invalid argument (22)
error: cannot open Packages database in /var/lib/rpm

The fix is to run the following commands:
\rm /var/lib/rpm/__*
rpm --rebuilddb


SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Try one of the following:

Fix 1:
Make sure there are enough licenses available
(check with Con, Minh, or Duncan)

Fix 2:
Make sure you have the current cert by removing old one and
installing new one:
rpm -e rhns-ca-cert-1.0-1
rpm -i


Error: up2date is downloading packages then starts repeating a package
name, followed by a message like:
Server error, partial package content

Fix: cd /var/spool/up2date and rm <pkg-name>* then retry
(removes the rpm and .hdr file)


Error: while up2dating you get an error regarding an rpm package that
looks like this:

kdelibs-3.3.1-3.3.i386.rpm: ########################## Done.
########################## Done.
The package kdelibs-3.3.1-3.3 does not have a valid GPG signature.
It has been tampered with or corrupted. Aborting...

************ GPG VERIFICATION ERROR ****************
The package kdelibs-3.3.1-3.3 failed its gpg signature verification. This
means the package is corrupt.

1) rm /var/spool/up2date/*
2) rerun /usr/sbin/up2date -u (or -uf)


During an up2date, you get the following message:
Testing package set / solving RPM inter-dependencies...
Segmentation fault

Try this fix:

\rm /var/spool/up2date/*
\rm /var/lib/rpm/__*
rpm --rebuilddb

then re-run up2date


When trying to update, get this error:

error: Can't create transaction lock

Try this:

rmdir /var/lock/rpm/transaction


There was a fatal RPM install error. The message was:
There was a rpm unpack error installing the package: httpd-2.0.46-46.2.ent

Problem could be with links versus directories. To get more info,
rpm the package manually using:

rpm -Uvh /var/spool/up2date/<package-name>.rpm

Error messages should help resolve the problem.


Problem with corrupt packages cached on client or proxy server
On client:
\rm /var/spool/up2date/*
\rm /var/lib/rpm/__*
rpm --rebuilddb

Then re-run up2date. If it fails, try below and then repeat
client steps

On RHN Proxy server:
A complete rebuild of squid cache will be necessary.

service rhn-proxy stop
rm -fr /var/spool/squid
mkdir /var/spool/squid
chown squid /var/spool/squid
squid -z
service rhn-proxy start

Problem is packages won't install.

Error messages:
rpm -Uvh httpd-2.0.52-12.2.ent.i386.rpm --nodeps
Preparing... ########################################### [100%]
error: %pre(httpd-2.0.52-12.2.ent.i386) scriptlet failed, exit status 255
error: install: %pre scriptlet failed (2), skipping httpd-2.0.52-12.2.ent

Solution, edit /etc/selinux/config and set


permissive is not good enough, despite what the docs say

Problem: can't update packages because system is confused about library

Testing package set / solving RPM inter-dependencies...
There was a package dependency problem. The message was:

Unresolvable chain of dependencies:
openldap 2.0.27-20 requires

[root@bgcluster01 root]# rpm -qa | grep openldap

Cause is usually i386 and x86_64 channels were both used to install
package but not all libs so the i386 libs appear missing when up2date
is trying to update the two versions.

rpm -e openldap-* --nodeps
/usr/sbin/up2date --install openldap

Then run up2date -uf again.

up2date says updates needed but won't install because already installed.
Error messages:
RPM package conflict error. The message was:
Test install failed because of package conflicts:
package seamonkey-1.0.2-0.1.0.EL3 is already installed

RHEL gets confused when there are 32- and 64-bit versions needed.

1) see what is currently installed:
rpm -q --queryformat="%{n}-%{v}-%{r}.%{arch}\n" seamonkey


2) Install the other version:
/usr/sbin/up2date -u seamonkey --arch=i386

/usr/sbin/up2date --list
Traceback (most recent call last):
File "/usr/sbin/up2date", line 11, in ?
import rpm
ImportError: cannot open shared object file: No such file
or directory

Download to /tmp:
unzip and untar and copy /tmp/usr/lib/* /usr/lib
/usr/sbin/up2date --list
RPM error. The message was:
Could not determine what version of Red Hat Linux you are running.
If you get this error, try running

rpm --rebuilddb

You will need to either download the redhat-release package for your
system from the Red Hat Network (RHN) or if the RPM package is
available install it from the /var/spool/up2date directory with the

# rpm -Uvh /var/spool/up2date/redhat-release*.rpm

If you have rollbacks, you can try:
rpm --nodeps --nomd5 --nodigest --nosignature -Uvh /var/spool/repackage/redhat-release-4AS-4.1.i386.rpm

PROBLEM: 404 Error when trying to update packages on RHEL 5


Error Downloading Packages: <package>:failed to retrieve getPackage/<package> rom rhel-x86_64-server-5
error was [Errno 14] HTTP Error 404: Not Found


# rm -rf /var/cache/yum/*

PROBLEM: up2date cert conflicts with rhn cert
or: rhn-ca-cert conflicts with up2date cert

cd /usr/share/rhn
rpm -Uvh --force
vi /etc/sysconfig/rhn/up2date

Recommended Links

Red Hat Network - About RHN - Client Configuration



The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright 1996-2018 by Dr. Nikolai Bezroukov. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case is down you can use the at


The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019